350 rub
Journal Highly available systems №2 for 2011 г.
Article in number:
Modern network threat protection - is security real?
Keywords: intrusion detection evasion information security
Authors:
D.V. Ushakov
Abstract:
Modern network security devices operate traffic analysis modules, which basically alert upon triggering a specific rule, this rule analyzing a sequence of symbols within an information stream. Thus normalization and appropriate parsing of the transferred information becomes critical. Hackers normally utilize this feature and try to "avoid" detection using a number of different techniques. Evasion techniques have been known since the middle of 90-s, but it was only during the past year, that their deep investigation questioned the adequacy of the network security systems typically used within organizations
Pages: 117-121
References
  1. Six tips for protecting critical data against Advanced Evasion Techniques, http://www.stonesoft.com/en/press_ and_media/releases/en/2011/24032011.html-uri=/en/press_and_media/releases/en/index.html
  2. New Advanced Evasion Techniques Discovered and Disclosed for Global Vulnerability Coordination, http://www. stonesoft.com/en/press_and_media/releases/en/2011/15022011.html-uri=/en/press_and_media/releases/en/2011/index.html
  3. Stonesoft Discloses First Details of Advanced Evasion Techniques, http://www.stonesoft.com/en/press_ and_media/releases/en/2010/16122010.html-uri=/en/press_and_media/releases/en/2010/index.html
  4. Stonesoft Releases Technical Paper on Advanced Evasion Techniques, http://www.stonesoft.com/en/press_ and_media/releases/en/2010/30112010.html-uri=/en/press_and_media/releases/en/2010/index.html
  5. Stonesoft Corporation: Advanced Evasion Techniques Bypass Almost All Current Network Security Systems Without Leaving A Trace, http://www.stonesoft.com/en/press_and_media/releases/en/2010/18102010.html-uri=/en/press_ and_media/ releases/en/2010/index.html
  6. Stonesoft Corporation: New Network Security Threat Category Puts The Functionality Of Organizations - Data Capital And Systems At Risk, http://www.stonesoft.com/en/press_and_media/releases/en/2010/04102010.html-uri=/en/press_and_ media/releases/en/2010/index.html
  7. Новый пласт угроз информационной безопасности - динамические техники обхода // Information Security / Информационная безопасность. № 6. 2010.
  8. IBM XForce Threat Reports, http://www-935.ibm.com/services/us/iss/xforce/trendreports/
  9. Robustness principle, http://en.wikipedia.org/wiki/Robustness_principle
  10. Gartner on AETs, http://www.antievasion.com/gartner
  11. CVE Vulenrabilities in NVD, http://web.nvd.nist.gov/view/vuln/search-execution=e2s1
  12. Stonesoft introduces New Anti-Evasion Readiness Test Tool and Service, http://www.stonesoft.com/en/press_and_media/releases/en/2011/01062011.html&uri=/en/press_and_media/releases/en/index.html