Information Security - What to Look for in an Endpoint Intrusion Prevention Solution
A safety checklist. Internet worms propagate too quickly for such reactive solutions to be effective

6. Uncircumventability
Uncircumventability of a solution is essential for a viable defense against attackers who are knowledgeable, resolute, and resourceful. Shockingly, many solutions on the market are easily circumvented. Testing a solution fully against zero-day attacks would require creating a new attack, which isn't practical. There are, however, alternatives. Attack tools available on the market use a collection of existing vulnerabilities and attacks to probe a system; make sure you test the solution on an unpatched system that is actually vulnerable to those attacks, otherwise the attacks fail for lack of a vulnerability and tell you nothing about the protection. Another approach is to ask competing vendors to break each other's products. The Internet has become a powerful educational tool for attackers, and you can benefit from it as well: you may be surprised to find published descriptions of simple ways to break most products. Don't be an emperor without any clothes, using an easily circumvented solution and convincing yourself and your organization that you're well protected.

7. Containment
Containment measures how far an attack progresses before the solution detects and stops it. A solution that stops an attack before it is loaded onto the system, or at least before a single instruction from the malicious payload executes, provides the best containment. If the attack partially executes, you may be required to perform a detailed forensic analysis; for example, California privacy law SB 1386 requires that companies disclose any possibility of a security breach. Furthermore, executing even a small number of instructions gives an attacker an opportunity to circumvent the solution.

Sidebar:

What Is an Ideal Endpoint Intrusion Prevention Solution?

Accuracy: An ideal solution produces zero false positives.

Maintainability: An ideal solution is easy to maintain and administer.

Scalability: An ideal solution scales across the entire enterprise.

Coverage: An ideal solution completely covers the class of attacks you're trying to protect against.

Proactivity: An ideal solution proactively blocks attacks without any special knowledge of the attack or the vulnerability.

Uncircumventability: An ideal solution is impossible for hackers to circumvent.

Containment: An ideal solution stops the attack before it causes damage and spreads.

About Saman Amarasinghe
Dr. Saman Amarasinghe is cofounder and CTO of Determina, Inc., an associate professor of the Department of Electrical Engineering and Computer Science at MIT, and a member of the Computer Science and Artificial Intelligence Laboratory (CSAIL).

Juergen Brendel wrote: The ability to help against zero-day anomalies, such as DDoS attacks or worms, is of course an important one, as outlined in the article. The problem is that most so-called behavioral anomaly detection solutions may be able to detect the presence of an anomaly even without prior signature knowledge (zero-day). They might then be able to tell you the ports and protocols used, and maybe also the machines that are involved. However, more often than not, there are no fine-grained signatures forthcoming from those solutions. When you then try to use this information to stop the worm or DDoS attack or other zero-day anomaly you are likely to cut out innocent traffic as well. The signature is too broad. Therefore, it is necessary to have the ability to generate truly fine-grained signatures of the...
read & respond »
Kalevi Nyman wrote: Why is Linux NOT affected by all you mention above?
read & respond »
PBDJ News Desk wrote: Information Security - What to Look for in an Endpoint Intrusion Prevention Solution Even in the best of times, security products that aim to thwart worms are playing catch-up. Anti-virus and anti-malware products are populated with attack-specific signatures, which are created and distributed only after an attack is underway. Internet worms propagate too quickly for such reactive solutions to be effective. This is a major problem in maintaining information security as well as providing business continuity for many organizations.
read & respond »