What is the best way to harden an enterprise network against advanced evasion techniques (AETs)? I see vendors coming out with software that uses this same idea to prod a network's perimeter for holes. Furthermore, what's the best way to track down the source of AETs?
Ask the Expert: network security expert Brad Casey answers.
AETs were dreamed up in a vendor laboratory, so I'm not convinced that AET attacks are a prevalent problem at this point. In a nutshell, an AET attack involves manipulating packets at various layers of the Open Systems Interconnection model with the end goal of confusing network intrusion detection and prevention systems (IDS/IPS). So if the packet is manipulated at the IP layer, most IDS/IPS products are adept at catching such an event, but if the packet is manipulated simultaneously at the IP and session layers, most IDS/IPS systems don't know how to process this.
Yes, there is software and hardware on the market right now that will help to prevent the infamous AET attack, but the vendors who are peddling these products are some of the same ones that invented the concept in the first place. I'm not saying that AET attacks won't at some point be prevalent in the wild, but in comparison with the dreaded DDoS attack, AET attacks aren't even in the same ballpark. If your organization insists on deploying a defense against AET attacks, then I suggest considering vendors such as Stonesoft that have a focus on AET mitigation for your software and hardware needs.
As for tracking down the source of AET attacks, you could use some of the same techniques that are used in other attacks: examine the network routing information, take note of which autonomous system the packets are coming from, and try obtaining the cooperation of your ISP.
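The answer above describes the mechanism (manipulate the packet at more than one layer at once so that the IDS/IPS and the destination host see different things) without showing it. The following is an added example, not part of Brad Casey's answer or any vendor's product: a small Python model of one request split into TCP-style segments, with an overlapping decoy segment at the transport layer and percent-encoding at the application layer. The `/cmd.exe` signature, the segments, and the two overlap policies (`first`, `last`) are constructed for illustration. The one fact it leans on is well established: different TCP stacks resolve overlapping segment data differently, so an IDS that does not reassemble with the policy of the host it protects can be shown a different stream than the host accepts (Ptacek and Newsham described this in 1998).

```python
"""Added example (not from the original Q&A): why an IDS that inspects
packets one at a time, or reassembles with the wrong overlap policy,
misses a request that the target host will accept.

The payload (/scripts/cmd.exe), the segments and the signature are
constructed for illustration; no real traffic is involved."""
import re
from urllib.parse import unquote_to_bytes

# Signature a naive IDS might carry for the classic IIS cmd.exe probe.
SIGNATURE = re.compile(rb"/cmd\.exe", re.IGNORECASE)

# Each segment is (stream offset, payload), listed in ARRIVAL order.
# Transport layer: the request is cut so no single segment holds the
# signature, and one segment overlaps an earlier decoy at the same offsets.
# Application layer: the 'c' is percent-encoded (%63), so even the correctly
# reassembled bytes do not match until the request target is URL-decoded.
EVASIVE_SEGMENTS = [
    (0,  b"GET /scr"),
    (8,  b"ipts/"),
    (13, b"index.htm"),      # decoy: arrives first, covers offsets 13..21
    (13, b"%63md.exe"),      # real data for the same offsets, arrives later
    (22, b" HTTP/1.0\r\n\r\n"),
]


def per_packet_match(segments):
    """Stateless inspection: look for the signature inside each segment."""
    return any(SIGNATURE.search(payload) for _, payload in segments)


def reassemble(segments, policy):
    """Rebuild the byte stream. 'first' keeps the first byte seen for an
    offset; 'last' lets later data overwrite it. Real TCP stacks differ on
    this, which is exactly the ambiguity an evasion exploits, so an IDS has
    to mirror the policy of the host it protects (target-based reassembly)."""
    if policy not in ("first", "last"):
        raise ValueError(policy)
    stream = {}
    for offset, payload in segments:
        for i, byte in enumerate(payload):
            pos = offset + i
            if policy == "last" or pos not in stream:
                stream[pos] = byte
    # Refuse to inspect a stream with holes; a real IDS would wait for them.
    if stream and set(stream) != set(range(max(stream) + 1)):
        raise ValueError("gap in stream")
    return bytes(stream[i] for i in range(len(stream)))


def normalize_http_request(raw):
    """Percent-decode the request target so the signature is compared
    against what the web server will actually see."""
    request_line, sep, rest = raw.partition(b"\r\n")
    parts = request_line.split(b" ")
    if len(parts) == 3:
        parts[1] = unquote_to_bytes(parts[1])
    return b" ".join(parts) + sep + rest


def stream_match(segments, policy, normalize=True):
    """Stateful inspection: reassemble, optionally normalize, then match."""
    data = reassemble(segments, policy)
    if normalize:
        data = normalize_http_request(data)
    return SIGNATURE.search(data) is not None


if __name__ == "__main__":
    print("per-packet             :", per_packet_match(EVASIVE_SEGMENTS))
    print("reassembled, first-wins:", stream_match(EVASIVE_SEGMENTS, "first"))
    print("reassembled, no decode :", stream_match(EVASIVE_SEGMENTS, "last", normalize=False))
    print("reassembled, last-wins :", stream_match(EVASIVE_SEGMENTS, "last"))
```

Only the last line of output is `True`: the sensor has to reassemble the stream, resolve the overlap the same way the destination host does, and decode the application protocol before the signature can fire. Each of the three misses corresponds to one layer of the evasion, and stacking them is what the answer means by manipulating the packet at several layers "simultaneously". For a real deployment the practical check is whether your IDS/IPS supports target-based reassembly policies (per-host or per-subnet OS profiles) and protocol normalization for the services you expose, not merely a large signature set.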