• Latest

New Advanced Evasion Techniques Discovered and Disclosed for Global Vulnerability Coordination

14 February, 2011
China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

19 December, 2020
Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

18 December, 2020
TEMSA: Bus exports to be delivered to the heart of the European Union

TEMSA: Bus exports to be delivered to the heart of the European Union

18 December, 2020
EU tries to reshape the rules of the Internet

EU tries to reshape the rules of the Internet

17 December, 2020
Matterport Brings 3D Capture to the iPhone

Matterport Brings 3D Capture to the iPhone

5 May, 2020
NASA Administrator Statement on Agency Coronavirus Status

NASA Administrator Statement on Agency Coronavirus Status

15 March, 2020
Technology Supports Social Distancing in age of Covid-19

Technology Supports Social Distancing in age of Covid-19

15 March, 2020
Second Staff Exchange Between EU CyberSecurity Organizations

Second Staff Exchange Between EU CyberSecurity Organizations

19 February, 2020
Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

Iranian Professor on the Iran-US escalation: “Iranians expected to hear a clear and steadfast condemnation from Turkish authorities over Soleimani’s death”

16 February, 2020
Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

Badly Trained Spam – Only A Quarter of Brits Train their Spam Filter

6 February, 2020
Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

31 January, 2020
Turkish Competition Authority’s Android Decision

Turkish Competition Authority’s Android Decision

18 December, 2019
  • About Us
  • Contact Us
  • Homepage
  • Latest News
  • News Widget
  • Privacy Policy
Monday, April 19, 2021
  • Login
  • Register
Globaltelconews
Advertisement
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy
No Result
View All Result
Globaltelconews
No Result
View All Result
Home GENERAL English

New Advanced Evasion Techniques Discovered and Disclosed for Global Vulnerability Coordination

globaltelconews-admin by globaltelconews-admin
14 February, 2011
in English
0
1k
VIEWS
Share on FacebookShare on Twitter

London, UK February 14, 2011 Stonesoft, an innovative provider of integrated network security and business continuity solutions, today announced it has discovered 124 new advanced evasion techniques (AETs). Samples of these AETs have been delivered to the Computer Emergency Response Team (CERT-FI), who will continue to coordinate a global vulnerability coordination effort.

The discovery of AETs was first reported in October 2010. Since that time, Stonesoft has continued extensive research in the area, which has led to the discovery of 124 new threats. Stonesoft continues to research AETs found in its R&D laboratories and in the wild.

Many vendors claimed to have fixed the product vulnerabilities disclosed in CERT-FIs initial advisories on the 23 AETs discovered last fall. However, real-life testing in Stonesofts research lab confirms that AETs are still able to penetrate many of these systems without detection. In other cases, simple microscopic changes to an AET such as changing byte size and segmentation offset allow them to bypass the products detection capabilities. This demonstrates that most vendors are only providing temporary and inflexible fixes to the growing AET concern, rather than researching and solving the fundamental architecture issues that give way to these vulnerabilities.

It seems that those who claim to have 100 percent protection against advanced evasion techniques do not really understand the magnitude of the problem nor have they done enough research around the issue. The discoveries made so far are only the tip of the iceberg, says Joona Airamo, chief information security officer at Stonesoft.

Traditional and advanced evasion techniques have become of increasing concern to the network security community. In its Network IPS Group Test Q4 2010, independent testing lab NSS Labs described IP fragmentation and TCP segmentation evasions as a grave threat stating if an attacker can avoid detection by fragmenting packets or segmenting TCP streams, an Intrusion Prevention System will be completely blind to ALL attacks.

“Missing an evasion means a hacker can use an entire class of exploits to circumvent a security product, rendering it virtually useless, said Rick Moy, president, NSS Labs. Combining certain evasions further increases the likelihood of success for attackers, and elevates the risk to enterprises.

While there is no single solution to eliminating the threat of AETs, organisations can mitigate the risks and lessen their vulnerability. One such way is making sure the security devices they use do a proper multilayer normalisation process, working on all relevant protocol layers for each connection. Centralised management is also critical as it enables constant updates and upgrades to be made deep within a networks security architecture. Unfortunately, fingerprinting and signature-based matching typical security responses for the actual exploits do not work with the dynamic, combinatory and constantly evolving nature of AETs.

Bob Walder, research director at Gartner, Inc., who discussed AETs at length in his November 2010 report entitled Advanced Evasion Techniques (AET): Weapon of Mass Destruction or Absolute Dud comments: “Evasion techniques are not new, yet still present a credible threat against the network security infrastructure that protects governments, commerce and information-sharing worldwide. Recent research has, thankfully, forced this issue once again into the spotlight, and network security vendors need to devote the research and resources to finding a solution.”

Popular Posts

  • Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

    Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

    0 shares
    Share 0 Tweet 0
  • EML Launches Branded Winnings Card with European Gaming customer Betsson in Sweden

    0 shares
    Share 0 Tweet 0
  • Last Exit: Revolutionize the Way Plastic is Used

    0 shares
    Share 0 Tweet 0
  • Europol Hosts 3rd Conference on Criminal Finances and Crypto Currencies

    0 shares
    Share 0 Tweet 0
  • GardaWorld Enhances Travel Security Services with Launch of 2019 Global Mobility Risk Map

    3 shares
    Share 3 Tweet 0
  • UK Joined in European Fibre Broadband Rankings

    0 shares
    Share 0 Tweet 0
  • Trending
  • Comments
  • Latest
Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

Year 2020: What is the Status of 5G Rollout Worldwide and Turkey

31 January, 2020
EML Launches Branded Winnings Card with European Gaming customer Betsson in Sweden

EML Launches Branded Winnings Card with European Gaming customer Betsson in Sweden

4 February, 2019
Last Exit: Revolutionize the Way Plastic is Used

Last Exit: Revolutionize the Way Plastic is Used

27 December, 2018
Europol Hosts 3rd Conference on Criminal Finances and Crypto Currencies

Europol Hosts 3rd Conference on Criminal Finances and Crypto Currencies

11 March, 2019

Turkish National Operating System; Gelecek Linux

0

Turkish ISP Sector Got a Breathe

0

Turkcell and Telsim Sentenced to Penalty of Record

0

Turkcell’s Return to Council Decision

0
China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

19 December, 2020
Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

18 December, 2020
TEMSA: Bus exports to be delivered to the heart of the European Union

TEMSA: Bus exports to be delivered to the heart of the European Union

18 December, 2020
EU tries to reshape the rules of the Internet

EU tries to reshape the rules of the Internet

17 December, 2020

Placeholder text. Slogal goes here.

Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis a nulla pariatur.

Latest Posts

China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

China Liberal Education Holdings Limited Starts Higher Volume Production and Expands Domestic Sales Channels of All-in-one Machine AI-Space

19 December, 2020
Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

Bell connecting Canadians at home for the holidays with free TV programming and no extra usage fees on residential Internet

18 December, 2020

Navigation

  • Authors
  • Author Login
  • Author Application
  • Advertisement
  • About Us
  • Contact Us
  • Privacy Policy
  • Terms of Use
  • Sitemap

Subscribe to Our Newsletter

We keep your data private and share your data only with third parties that make this service possible. Read our Privacy Policy.

Check your inbox or spam folder to confirm your subscription.

© 2018 Globaltelconews.com

No Result
View All Result
  • IT
  • Telecom
  • Mobile
  • e-Commerce
  • Fintech
  • Security
  • New Tech
  • About
    • About Us
    • Contact Us
    • Privacy Policy

© 2018 Globaltelconews.com

Welcome Back!

Login to your account below

Forgotten Password? Sign Up

Create New Account!

Fill the forms below to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In