Posts Tagged ‘security’

AETs and software-based security

May 23rd, 2012

A special feature of advanced evasion techniques (AETs) is that they have an infinite number of possible combinations, meaning only software-based security systems can provide effective protection against them.

Unlike hardware-based solutions, software can adapt quickly and dynamically to changing threat patterns, which means that it has the best chance of keeping pace with the latest methods of disguise.

AETs combine and vary methods for disguising an attack or malicious code, using different levels within network traffic. This unusual behaviour means that even modern intrusion-prevention systems (IPSs) and next-generation firewalls are unable to detect the disguised malicious code.

Recent estimates set the number of possible combinations of AETs at a very high figure (2,180) and it appears that this dynamic threat will present long-term challenges to the security mechanisms of corporate networks.

Simply updating signatures can only protect against single AET methods and, as a result, this means of attack is currently giving cyber criminals a kind of master key for attacking any vulnerable system.

To disguise an attack, AETs make use of the way in which IPS architectures and firewalls work. For example, an IPS checks data traffic before passing it on to the network and blocks the data if the IPS suspects that it contains malicious code. The security system must therefore know the specific patterns of malware programs in order to detect them and protect the network.

Most IPS architectures use protocol analysis and signature recognition for this purpose. Upon detecting a new worm or virus, the devices usually update their fingerprint information within just a few days, sometimes even within hours. To a certain extent, existing analysis functions can detect and combat malicious software that is similar to known threats.

For their part, firewalls check data packets to determine their origin, destination, protocol and other properties. If the data packets fail to satisfy the network’s internal security rules, the firewall rejects them and alerts the administrator.

However, the AET methods have so many possible variations that, after only a slight modification (for example, in the number of bytes or the segment offset), they no longer resemble any attack pattern stored in the IPS. The malicious code then enters the network with the appearance of regular data traffic, despite a fingerprint update.

Therefore, security patches no longer offer protection, especially as AETs do not follow the classic rules of the TCP/IP protocol suite. Tests have shown that AETs are able to attack the IP and transport layers (TCP, UDP) as well as application layer protocols, including SMB and RPC.

Thus, an AET-disguised data packet can sneak past the IPS and enter the network on different levels of data traffic. For a firewall, a data packet of this type may also meet all criteria of the defined security rules externally and it is therefore allowed to pass.

In order for security solutions to offer any protection at all against dynamic and constantly evolving AETs, it must be possible to update these solutions quickly and at any time. Once new AET variants have been announced, software-based IPS and firewall systems can be automatically brought up to the state of the art and the corresponding patterns of disguise stored.

However, the overwhelming majority of network security systems in use today are static, hardware-based solutions that are extremely difficult and sometimes even impossible to update, especially in light of the rapidly changing threat patterns.

Updating them would be very time-consuming and costly and, at the same time, it is virtually impossible for them to react flexibly to new AET variants. This means that administrators can no longer guarantee network security.

Flexible, software-based security systems, combined with a central management function, therefore currently offer the best protection against AETs. Thanks to software-based technology, updates can be loaded at any time and configuration work carried out without a great deal of effort.

It is not yet possible to provide full protection against AETs. One solution is dynamically adaptable security systems, to which new functions for inspecting data traffic can be added with little time and effort, offering the best protection available today.

One example of this is ‘multi-layer normalisation’, in which security devices interpret and fully assemble data packets in the same manner as the end system. This reduces the danger of disguised malicious code bypassing the security system undetected and entering the network.
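The difference between matching signatures on individual segments and matching on a normalised stream can be shown in a few lines. This is an added example, not part of the original article: the signature, the segment data, the function names and the overlap policies are all constructed for illustration.

```python
# Added example: every name and byte string here is constructed for illustration.
SIGNATURE = b"BAD-PATTERN"  # stand-in for a stored IPS fingerprint

# (stream offset, payload) in arrival order: out of order, plus one later
# segment that overlaps bytes 8..11 with different content.
SEGMENTS = [
    (0, b"GET /BAD"),
    (12, b"TERN HTTP/1.0"),
    (8, b"-PAT"),
    (8, b"XXXX"),
]

def per_segment_match(segments, signature=SIGNATURE):
    """Signature check on each payload in isolation (no normalisation)."""
    return any(signature in payload for _, payload in segments)

def reassemble(segments, policy="first"):
    """Rebuild the byte stream as the end system would deliver it.

    policy "first" keeps the earliest-arriving byte at an overlapping
    position, "last" keeps the latest; it must mirror the protected host.
    """
    if policy not in ("first", "last"):
        raise ValueError("policy must be 'first' or 'last'")
    stream = {}
    for offset, payload in segments:
        for i, byte in enumerate(payload):
            pos = offset + i
            if policy == "last" or pos not in stream:
                stream[pos] = byte
    out = bytearray()
    pos = 0
    while pos in stream:  # stop at the first gap: later bytes are not yet deliverable
        out.append(stream[pos])
        pos += 1
    return bytes(out)

def normalised_match(segments, policy="first", signature=SIGNATURE):
    """Signature check on the reassembled stream."""
    return signature in reassemble(segments, policy)

if __name__ == "__main__":
    print("per-segment:", per_segment_match(SEGMENTS))
    print("normalised (first):", normalised_match(SEGMENTS, "first"))
    print("normalised (last):", normalised_match(SEGMENTS, "last"))
```

If the inspecting device resolves the overlap differently from the host it protects, the two see different byte streams, which is why assembling traffic "in the same manner as the end system" matters.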

Patch management and updating signature databases are not adequate solutions as these measures cannot keep up with the highly dynamic AET over the long term. Searching for the right AET method when 2,180 combinations are possible is like searching for one grain of sand in 500,000 galaxies.

Source: http://www.scmagazineuk.com/aets-and-software-based-security/article/242219/

Bahamas Selects Vitech’s Software for Social Security Administration

May 22nd, 2012

Vitech Systems Group announced today that The National Insurance Board of the Commonwealth of The Bahamas (NIB) has selected Vitech’s software as its new Social Security Administration Solution. The new system will process pension, insurance and other benefits for the Bahamas’ 350,000 citizens.

“NIB is very excited to be partnering with Vitech on this critical undertaking,” stated Algernon Cargill, Director of NIB. “We anticipate this initiative will be highly successful and serve as a model for other national social security programs.”

Vitech will provide NIB with licensed software, implementation services and ongoing system support. The new Vitech solution will include demographic, employer reporting, participant balance tracking, benefit calculation, claims processing and benefit payroll functionality. The new system will also provide nationwide, web-based self-service capabilities for Bahamian citizens and employers. The system will be implemented in a multi-year, phased implementation.

“We are so pleased that NIB has chosen Vitech as a partner on this significant implementation,” said Frank Vitiello, Vitech’s CEO. “This award speaks both to the vision and commitment of the NIB organization, as well as to the power and capabilities of Vitech’s software, experience and delivery strengths.”

Vitech’s software is a highly scalable and configurable administration solution that addresses the complex needs of pension, insurance, health and investment organizations. Vitech’s software is used world-wide by organizations that collectively serve more than 20 million participants and administer over $1 trillion in assets.

About the National Insurance Board of the Commonwealth of The Bahamas
The National Insurance Board of The Bahamas, one of the largest social security systems in the Caribbean, provides income-replacement in respect of sickness, invalidity, maternity, retirement, death, industrial injury/disease, and involuntary loss of income. NIB’s added mission in the administration of the country’s social security program is to provide assistance for needy citizens and to assist with the social and infrastructural development of the country.

Source: http://www.itnewsonline.com/showprnstory.php?storyid=217080

Security dominates mid-May’s 27 software downloads

May 21st, 2012

Halfway through May and the software release schedule shows no sign of abating, and beta releases stand out over the past week. Some of the biggest releases come from security experts Norton, which updated its 2013 public betas. Norton AntiVirus 2013 v20.0.0.106 beta, Norton Internet Security 2013 v20.0.0.106 beta and Norton 360 2013 v20.0.0.106 beta provide an early look at what to expect from the upcoming security line, and all of these tools are free during the beta testing period.

But Norton is far from the only name in the security world, and ESET Smart Security 6 Beta (32-bit) includes not only antivirus protection but a firewall and interesting anti-theft features for laptop users; there’s also a 64-bit version of the program available — ESET Smart Security 6 Beta (64-bit).

From the same company also comes ESET NOD32 Antivirus 6 Beta (32-bit), which focuses on the key security areas of checking for viruses, malware and rootkits. Again, there are anti-theft features built in and there is a 64-bit version of the program available — ESET NOD32 Antivirus 6 Beta (64-bit).

For computers that are already infected with viruses or malware, Emsisoft Emergency Kit 2.0 Beta is a great tool to have in your software collection, and the latest version of the program is faster than ever at cleaning up machines. EraserDrop Portable 2.1.1 is a different type of security tool that enables you to securely delete files so that they cannot be recovered, all using a program that runs from a USB drive.

Cloudfogger 1.1.1349 is a free tool that enables you to encrypt your data including both local files and those held in cloud storage accounts such as Dropbox.

As well as security tools, a number of interesting utilities were released this week. Auslogics Disk Defrag 3.4.3.0 is a fantastic free way to keep your hard drive in great shape, while Auslogics BoostSpeed 5 is a low-cost tool that helps to boost the performance of almost any computer in a few easy steps. Cloud System Booster 1.0.0 FINAL takes something of a different approach to system optimization, using shared, cloud-based information to provide fixes and tweaks for any situation.

Life online would be difficult without a web browser, and Google Chrome 19 was one of the biggest releases last week. The latest version of the browser to reach the stable channel features new synchronization options that can be used to sync tabs, extensions and more between computers — there is also a USB drive friendly version available in the form of Google Chrome Portable 19.

If you’re looking to improve your security online, HTTPS Everywhere for Firefox and HTTPS Everywhere for Chrome are tools that will ensure that you use the secure HTTPS version of a web site whenever one is available. If you are happy to take a hands-on approach to security and want a quick and easy way to change your DNS settings, DNS Jumper 1.0.4 could be just what you’ve been looking for.

Moving onto the selection of new creative releases: Xara Photo and Graphic Designer MX 8.1 is your one-stop-shop for photo editing, desktop publishing, illustration, web graphics and much more, while Xara Designer Pro X 8.1 builds on this theme with the added ability to create web sites. Any Video Converter Free 3.3.8 is a useful tool to have installed whether you are preparing video for use online, or just want to ensure that videos can be viewed on any given device, enabling you to convert between formats quickly, easily and for free.

Three others are a bit of a mixed bag. Toolwiz FlipBook 1.4.0.0 continues the creative theme to some degree by enabling you to convert any text file into a self-executing, three-dimensional ebook. For programmers, web developers, or anyone just looking for a more advanced text editor than Windows’ Notepad, PilotEdit Lite 5.6.0 is well worth a look, while Producteev 1.0.1.0 is a great little task management tool that is available for a variety of platforms so you can keep on top of your to-do list from a range of devices.

That’s it for this week. Join us in another seven days to catch up on the latest software releases.

Source: http://betanews.com/2012/05/20/security-dominates-mid-mays-27-software-downloads/
