Stonesoft Discloses First Details of Advanced Evasion Techniques

Stonesoft Discloses First Details of Advanced Evasion Techniques

ID: 49784

(Thomson Reuters ONE) -


Security vendors have had up to six months time
to provide security updates against 23 new evasion methods

Helsinki, Finland - December 16, 2010 - Stonesoft, an innovative provider of
integrated network security and business continuity solutions, today announced
the availability of detailed technical descriptions of the first set Advanced
Evasion Techniques (AETs). The first samples comprising of 23 evasion methods
and their descriptions were delivered to CERT-FI in May, September and October
2010. Within the CERT-FI vulnerability coordination process, security vendors
have had up to six months time to find a way to update their systems against
these newly found threats. The technical descriptions of the 23 AETs are
available at www.antievasion.com.

Yesterday, 15 December 2010 CERT-FI released their advisory after giving network
security vendors up to six months time to research AETs, find remediation and
give their statement about the threat. According to the advisory, the vendors
have provided few statements to identify fixed versions.

"We, like everyone else, were expecting vendor community to respect the process
and state whether they are vulnerable to these Advanced Evasion Techniques or
not. Moreover, if they are vulnerable, they should state when and how they will
update their systems to provide protection against these AETs. " said Juha
Kivikoski, Chief Operating Officer at Stonesoft.

"It seems that in many cases the fixes provided address the evasions only by
terminating suspicious connections based on the specific parameters used in the
samples, thereby causing traffic disruptions and failing to protect against the
evasions trivially modified changing the values used", explains Mika Jalava,
Chief Technology Officer at Stonesoft. "The correct way, of course, would be to
understand the protocol and normalize it before inspection. It is not enough to




fingerprint for evasions themselves, as they are easily modified to thwart
simple matching. This kind of detection is also prone to false positives. Many
of the evasion methods are basically protocol features that are allowed by
today's standards. Moreover, simply detecting and preventing any traffic that
might be utilizing evasions to hide attacks does not tell the administrator
anything about the actual exploits."

StoneGate solution and protection

Inspection-based network security systems must understand the different protocol
layers the same way end hosts decode them. As new evasion techniques evolve, the
functionality responsible for this task, the normalization engine, must evolve
with them. Stonesoft's StoneGate IPS solutions as well as firewalls with deep
inspection capabilities are fully remotely upgradable including all levels of
network traffic normalization and not bound to specific hardware
implementations.

In the long term, Stonesoft recommends programmers, designers and Internet
standardization authorities to take a more strict position against ambiguity in
network protocols. Today's networking problems are more often related to
security than compatibility with obsolete systems. Often security issues -
especially those related to evasions - are caused by protocol implementations
that try to conform to different encoding techniques. Security should be an
inherent part of protocol design and standardization, not an afterthought."


New AETs discovered

Stonesoft R&D continues to work with CERT-FI to disclose more of AETs. Compared
to the first 23, the new set of recordings will include more advanced and
combined AETs working cross multiple protocols and layers simultaneously.

Stonesoft expects the coordination process to take more time this time because
the next set of AETs will be more challenging than the previous ones and have
not been implemented in any publicly available testing tools or seen as part of
any certification or testing criteria yet.

"In the meanwhile, we will continue our research to be able to keep ahead of the
cyber criminals and to help organizations protect their digital assets against
AETs", says Kivikoski. "AETs have proven to pose new challenges to intrusion
prevention systems, and the security community cannot continue to ignore this
threat any longer."

The updated CERT-FI advisory is available at
http://www.cert.fi/en/reports/2010/vulnerability385726.html.

The technical details of the 23 AETs are available at
http://www.antievasion.com/principles/principles/part-3.


Contact:
Stonesoft Corporation
Juha Kivikoski
Chief Operating Officer
tel. + 358 40 518 0999
juha.kivikoski(AT)stonesoft.com


About Stonesoft
Stonesoft Corporation (NASDAQ OMX: SFT1V) is an innovative provider of
integrated network security solutions to secure the information flow of
distributed organizations. Stonesoft customers include enterprises with growing
business needs requiring advanced network security and always-on business
connectivity.

StoneGate(TM) Secure Connectivity Solution unifies firewall, VPN, IPS and SSL
VPN blending network security, end-to-end availability and award-winning load
balancing into a unified and centrally managed system. The key benefits of the
StoneGate solution include low TCO, excellent price-performance ratio and high
ROI. The StoneGate Virtual Security Solutions protect the network and ensure
business continuity in both virtual and physical network environments.

StoneGate Management Center provides unified management for StoneGate Firewall
with VPN, IPS and SSL VPN. StoneGate Firewall and IPS work together to provide
intelligent defense all over the enterprise network while StoneGate SSL VPN
provides enhanced security for mobile and remote use.

Founded in 1990, Stonesoft Corporation is a global company with corporate
headquarters in Helsinki, Finland and Americas headquarters in Atlanta, Georgia.
For more information, visit www.stonesoft.com, www.antievasion.com and the
corporate blog http://stoneblog.stonesoft.com.







This announcement is distributed by Thomson Reuters on behalf of
Thomson Reuters clients. The owner of this announcement warrants that:
(i) the releases contained herein are protected by copyright and
other applicable laws; and
(ii) they are solely responsible for the content, accuracy and
originality of the information contained therein.

Source: Stonesoft Oyj via Thomson Reuters ONE

[HUG#1473258]


Weitere Infos zu dieser Pressemeldung:
Unternehmensinformation / Kurzprofil:
drucken  als PDF  an Freund senden  Form 8.3 Trintech Group Plc Nokia files patent infringement complaints against Apple in the UK, Germany and the Netherlands
Bereitgestellt von Benutzer: hugin
Datum: 16.12.2010 - 13:51 Uhr
Sprache: Deutsch
News-ID 49784
Anzahl Zeichen: 7211

contact information:
Town:

Helsinki



Kategorie:

Business News



Diese Pressemitteilung wurde bisher 377 mal aufgerufen.


Die Pressemitteilung mit dem Titel:
"Stonesoft Discloses First Details of Advanced Evasion Techniques"
steht unter der journalistisch-redaktionellen Verantwortung von

Stonesoft Oyj (Nachricht senden)

Beachten Sie bitte die weiteren Informationen zum Haftungsauschluß (gemäß TMG - TeleMedianGesetz) und dem Datenschutz (gemäß der DSGVO).

Stonesoft accelerates its research and development ...

Helsinki, Finland -1 December 2009 - Stonesoft, an innovative provider of integrated network security and business continuity solutions, establishes a new research and development unit in Cracow, Poland in January 2010. The unit will employ seven (7) ...

Alle Meldungen von Stonesoft Oyj



 

Werbung



Sponsoren

foodir.org The food directory für Deutschland
News zu Snacks finden Sie auf Snackeo.
Informationen für Feinsnacker finden Sie hier.

Firmenverzeichniss

Firmen die firmenpresse für ihre Pressearbeit erfolgreich nutzen
1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z