What is the best way to harden an enterprise network against advanced evasion techniques (AETs)? I see vendors coming out with software that uses this same idea to prod a network's perimeter for holes. Furthermore, what's the best way to track down the source of AETs?
Ask the Expert!
Have questions about network security for expert Brad Casey? Send them via email today! (All questions are anonymous.)
AETs were dreamed up in a vendor laboratory, so I'm not convinced that AET attacks are a prevalent problem at this point. In a nutshell, an AET attack involves manipulating packets at various layers of the Open Systems Interconnection model with the end goal of confusing network intrusion detection and prevention systems (IDS/IPS). So if the packet is manipulated at the IP layer, most IDS/IPS products are adept at catching such an event, but if the packet is manipulated simultaneously at the IP and session layers, most IDS/IPS systems don't know how to process this.
Yes, there is software and hardware on the market right now that will help to prevent the infamous AET attack, but the vendors who are peddling these products are some of the same ones that invented the concept in the first place. I'm not saying that AET attacks won't at some point be prevalent in the wild, but in comparison with the dreaded DDoS attack, AET attacks aren't even in the same ballpark. If your organization insists on deploying a defense against AET attacks, then I suggest considering vendors such as Stonesoft that have a focus on AET mitigation for your software and hardware needs.
As far as tracking down the source of AET attacks, you could use some of the same techniques that are used in other attacks: Examine the network routing information, take note of which autonomous system the packets are coming from, and try obtaining the cooperation of your ISP.
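To make the mechanism in the answer above concrete, here is an added example (not code from the original page, from Brad Casey, or from any vendor product). It is a toy, not a real protocol stack: a "segment" is just a (sequence number, payload) pair standing in for a TCP segment, the signature string and the HTTP request are constructed for the demo, and IP-layer fragmentation is represented only as splitting and reordering. The point it shows is the one the answer makes: a detector that matches per packet sees nothing when the request is manipulated at two layers at once (percent-encoded at the application layer, then cut into small out-of-order segments at the transport layer), while a detector that reassembles the stream first and then normalizes the application-layer encoding still finds the signature.

```python
"""
Toy illustration of layered IDS evasion and the reassembly plus
normalization needed to defeat it. Constructed example: no real protocol
stacks, no real vendor product, made-up signature and traffic.
"""
from typing import List, Tuple
from urllib.parse import unquote

# Hypothetical signature a naive IDS looks for in each packet payload.
SIGNATURE = b"/etc/passwd"

# A "segment" is (sequence_number, payload): a stand-in for a TCP segment.
Segment = Tuple[int, bytes]


def naive_ids(segments: List[Segment]) -> bool:
    """Per-packet matching: inspects each segment payload in isolation."""
    return any(SIGNATURE in payload for _, payload in segments)


def reassemble(segments: List[Segment]) -> bytes:
    """Transport-layer normalization: order by sequence number and
    concatenate, so a string split across segments becomes whole again.
    Assumes non-overlapping segments; overlap resolution is policy
    dependent and deliberately left out of this toy."""
    return b"".join(p for _, p in sorted(segments, key=lambda s: s[0]))


def normalize_app_layer(stream: bytes) -> bytes:
    """Application-layer normalization: decode percent-encoding so that
    '/etc/%70asswd' and '/etc/passwd' compare equal."""
    return unquote(stream.decode("latin-1")).encode("latin-1")


def stream_ids(segments: List[Segment]) -> bool:
    """Reassemble, then normalize, then match. The order matters: decoding
    a fragment on its own can still miss an encoding split across segments."""
    return SIGNATURE in normalize_app_layer(reassemble(segments))


def split_stream(data: bytes, chunk: int, start_seq: int = 1000) -> List[Segment]:
    """Break a byte string into fixed-size segments with sequence numbers."""
    return [(start_seq + i, data[i:i + chunk]) for i in range(0, len(data), chunk)]


def evasive_request() -> List[Segment]:
    """Constructed evasive traffic: the request is percent-encoded at the
    application layer (%70 = 'p', %77 = 'w') and then cut into 4-byte
    out-of-order segments at the transport layer, so no single segment,
    and not even the raw reassembled stream, contains the signature."""
    request = b"GET /etc/%70ass%77d HTTP/1.0\r\n\r\n"
    segs = split_stream(request, chunk=4)
    segs.reverse()  # deliver out of order, as an evasion tool might
    return segs


def plain_request() -> List[Segment]:
    """The same request sent as one segment with no encoding."""
    return [(1000, b"GET /etc/passwd HTTP/1.0\r\n\r\n")]


if __name__ == "__main__":
    for label, traffic in (("plain", plain_request()), ("evasive", evasive_request())):
        print(f"{label:8} naive={naive_ids(traffic)!s:5} stream={stream_ids(traffic)}")
```

Running it prints that the naive detector flags the plain request but not the evasive one, while the stream detector flags both. Real IDS/IPS engines do the same two jobs (TCP stream reassembly and protocol-aware normalization) with far more state, and that is also where their cost and their gaps live: anything the sensor reassembles or decodes differently from the destination host is a potential evasion.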