You are here: silicon.com > Resources > White Papers > Security > Intrusion - Tampering > Network Security

Network Security White Papers

Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics

Tags:
network security

Overview A fundamental problem for network intrusion detection systems is the ability of a skilled attacker to evade detection by exploiting ambiguities in the traffic stream as seen by the monitor. This paper discusses the viability of addressing this problem by introducing a new network forwarding element called a traffic normalizer. The normalizer sits directly in the path of traffic into a site and patches up the packet stream to eliminate potential ambiguities before the traffic is seen by the monitor, removing evasion opportunities. The paper examines a number of tradeoffs in designing a normalizer, emphasizing the important question of the degree to which normalizations undermine end-to-end protocol semantics.

Further White Paper Details
Publisher	Technische Universitat Munchen	File Format	PDF
Date Published	May 2001
Format	White Papers
Topics	Network Security, Security Tools, Intrusion Detection Systems

Did you find this white paper useful? 1 out of 2 users found this white paper useful

Balancing Security Against Productivity

Publisher:
Novell

Novell Zenworks Endpoint Security Management: Total Control from a Single Console

Publisher:
Novell

Secure Desktop On-Demand Webcast

Publisher:
Novell

U.S. Bancorp: Using VeriSign to Further Strengthen Its Network Security

Publisher:
VeriSign

NAC 2.0: A new model for a more secure future

Publisher:
Sophos

To forge an effective security policy, forget the firewall

Behind the firewall you've got to have intrusion detection systems so you can monitor external and internal users. Passwords "just aren't safe", he claimed, and the only way to be sure of security is to positively identify and monitor any traffic...

Channel:
Comment & Analysis

Logic of Logical rubbished

But Clifford added Logical has to be careful not to zone too much and cut the user off from file and print services and admitted his ideal recommendation of a firewall pair and intrusion detection around each department was expensive.

Channel:
Security Strategy

Top ten tips to stop internal hackers

Implement architectural features to isolate, minimise and monitor internal user access abuses such as using packet sniffers to monitor internal traffic and host and/or a network-based intrusion detection system to identify internally-based attacks.

Channel:
Security Strategy

Companies urged to patch Sendmail

Moreover, mail servers - also called mail transport agents (MTAs) - that aren't vulnerable will still forward the flaw-exploiting email message onto its destination. Several companies, including Red Hat, IBM, SGI, Sun and Hewlett-Packard, released...

Worm's spread shows holes in patch system

This week's MSBlast outbreak is raising old questions about the effectiveness of software patches that are intended to secure computers. The incident happened despite a broad initiative by the school to lock down its systems with patches, said...

Channel:
Comment & Analysis

Cracked: The Great Firewall of China

The IDS uses a stateless server, which examines each data packet both going in and out of the firewall individually, unrelated to any previous request. The researchers found it was possible to circumvent the Chinese intrusion detection systems (IDS...

Virtualisation: Architectual Considerations and other Evaluation Criteria

In the past several years, server virtualisation technology has moved quickly and firmly into the IT mainstream. Of the many approaches to system virtualisation available in the market today, VMware's hypervisor architecture has gained the greatest market acceptance. This paper examines the architectural issues, solution support, and enterprise readiness required when deploying such a virtualisation solution.

Publisher:
EMC

Getting Started with Master Data Management

Master data management forms part of an overall enterprise governance program that aims to establish trusted data throughout the enterprise. This white paper from Mike Ferguson of Intelligent Business Strategies defines master data, examines why it is needed, and explores methodologies for implementing master data management.

Publisher:
DataFlux

Optimising Storage with Global File Virtualisation

This white paper will provide an overview on how Rainfinity Global File Virtualisation virtualises unstructured data environments and moves data -including active, open files-without disruption to users or applications. Rainfinity is the only enterprise-class file virtualisation solution, and delivers complete NAS optimisation across geterogeneous environments, such as NAS, CAS, and file servers.

Publisher:
EMC

Also on silicon.com

Site Navigation:

Network Security White Papers

Network Intrusion Detection: Evasion, Traffic Normalization, and End-to-End Protocol Semantics

Quick Sitemap Links:

About Us

Search

Blogs

Verticals

Advertising Features

CNET Networks in Europe

CNET Networks in the United States

CNET Networks in Asia Pacific