Keynote: New Network Security Threat Category presented at t2 2010

by Olli-Pekka Niemi (Stonesoft), Antti Levomäki (Stonesoft)

Tags: Keynote

URL: http://t2.fi/schedule/2010/#speech1

Summary: Intrusion Prevention capable network security devices are used to protect vulnerable hosts from remote exploits. Exploits can apply multiple evasion methods to bypass the detection of the network security device and break into the remote system.

Security testing products usually contain some evasion techniques, but these tools are still oriented toward exploit and endpoint-security testing. There is no publicly available tool or product that can be easily and reliably used to measure how well a network security device decodes and blocks attacks enhanced with various evasion techniques.

The lack of testing tools has led to the false assumption that current security appliances with intrusion prevention and application identification capabilities are resistant to evasions. The evasion research framework implemented at Stonesoft has shown that many security devices still handle evasions poorly.

Olli-Pekka Niemi: Olli-Pekka Niemi has been working in the area of Internet security since 1996. Since 2000, he has worked at Stonesoft's R&D department, developing Stonesoft's StoneGate network security solutions. His main areas of responsibility include the analysis of network-based attacks and attack methods as well as the research of new detection and analysis methods that could be implemented into StoneGate network security solutions. Mr. Niemi is also the team leader of the Stonesoft Vulnerability Analysis Group (VAG). Before joining Stonesoft, Mr. Niemi worked at KPMG Information Risk Management, where he mainly focused on penetration testing and security audits. He has also worked as a system administrator at the Helsinki University of Technology.

Antti Levomäki: Antti Levomäki has been working at Stonesoft R&D since 2004. His main tasks include the analysis of network-based attacks and attack methods as well as the writing of attack and application detection signatures for the StoneGate Network Security Products. His main areas of expertise include the writing of low-level packet handling code. Mr. Levomäki holds a Master of Computer Science degree from the University of Helsinki.