RE: [fw-wiz] Application-level Attacks

From: Bill Royds (bill_at_royds.net)
Date: 01/30/05

  • Next message: Crispin Cowan: "Re: [fw-wiz] Application-level Attacks"
    To: "'Adam Shostack'" <adam@homeport.org>, "'Frederick M Avolio'" <fred@avolio.com>
    Date: Sun, 30 Jan 2005 14:02:01 -0500
    
    

    Perhaps the distinction is really between data attacks versus protocol attacks,
    no matter at what layer the attack occurs.

    In a protocol attack, one attacks the network protocol itself using syntax
    manipulation.

    In a data attack, one wants to access or change the data at the information
    level to attack the business itself by fraud etc.

    Past attacks often had the effect of halting computer operations for a
    period, but did not affect the overall enterprise. Nowadays, as business and
    computer networks become intricately linked, attacking the computers and
    networks attacks the main business. This also means that IT security becomes
    fundamental to enterprise security. For many businesses their connection to the
    Internet is as important as their connection to the water and power grids.

    Firewalls have traditionally worked by ensuring that the protocols they
    monitor were valid but did not much restrict the actual information content of
    the data that passed through. They ensured safe syntax. Newer tools like IPS or
    web filters are attempts to handle attacks at message content level by having an
    idea of what is valid in the business context, not just the network protocol
    context. Since each business context is different, they are much harder to tune
    than before. But the need for filters at this level is becoming more and more
    apparent as the attacks shift away from lower level technology to high level
    information.

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Adam Shostack
    Sent: Saturday, January 29, 2005 4:29 PM
    To: Frederick M Avolio
    Cc: Marcus J. Ranum; firewall-wizards@honor.icsalabs.com
    Subject: Re: [fw-wiz] Application-level Attacks

    <snip>

    I think we need a better term than application layer attacks (as this
    conversation shows.) I don't think that we're seeing technically new
    attacks, but rather a re-orientation of the attackers, why they're
    attacking, and what they're after. Unfortunately, analysts are
    talking about this a fair bit, and they're doing so in ways that are
    confusing people.

    Adam

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

