Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Port-80 Delivery of Advanced Evasion Techniques

Stonesoft Networks : 05 October, 2011  (Technical Article)
Stonesoft describes how Advanced Evasion Techniques are being delivered across the HTTP protocol thereby increasing the threat level
Port-80 Delivery of Advanced Evasion Techniques
Network security vendor Stonesoft has announced the discovery that Advanced Evasion Techniques (AETs) are deliverable across the port-80, HTTP protocol, making them a very real and credible threat to the security of organisations worldwide.

Stonesoft announced its discovery of AETs in October 2010. AETs are essentially a new category of cyber-attacks, which provide cybercriminals with a master key to access vulnerable systems. Using AETs, malware can be disguised so it looks safe and then delivered past security appliances completely undetected.

Since the initial discovery Stonesoft has carried extensive research into the threat category and is currently the lead researcher in that area.

The most recent discovery reveals that AETs can also be deployed across the HTTP protocol and will not be blocked by Firewalls. Until recently, AETs have been viewed as an internal threat which only operate inside a network and only affect IPS appliances. However, this recent research has revealed they can also bypass firewalls and be deployed externally across web traffic.

“We are increasingly seeing evidence of AETs being used in the wild and the threat they pose to organisations worldwide is growing. Recent research has revealed that AETs are deliverable across HTTP protocol, amongst others, and this essentially means that any company with a connection to the internet is at risk of the threat. There seems to be a common misconception that AETs are an internal threat but this has been proven not to be the case. It is important to note when AETs are delivered via HTTP (web) they are able to bypass Firewalls and IPS devices, this is clear evidence that they can originate and be deployed from outside the corporate network,” said Professor Andrew Blyth, Head of Advanced Technology at The University of Glamorgan, UK.

This revelation makes the threat posed by AETs more real than was previously estimated. Stonesoft urges network security vendors to wake up from their complacency.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo