RE: [fw-wiz] Application-level Attacks

From: Ofer Shezaf (Ofer.Shezaf_at_breach.com)
Date: 02/14/05

  • Next message: Marcus J. Ranum: "RE: [fw-wiz] Application-level Attacks" 
    To: "Marcus J. Ranum" <mjr@ranum.com>, <firewall-wizards@honor.icsalabs.com>
Date: Mon, 14 Feb 2005 13:09:54 -0500

    I used the term well known study because they talk about it very much,
    but I never saw the source.

    For example out in:
    http://www.computerworld.com/securitytopics/security/story/0,10801,67973
    ,00.html

    You will find:

    ...John Pescatore, an analyst at Stamford, Conn.-based Gartner Inc.,
    said Web application security is a serious problem for two-thirds of all
    corporate Web sites.

    "The current generation of firewalls focuses on the network level, kind
    of like the walls of a fort stopping direct attack," said Pescatore.
    "However, close to 75% of today's attacks are tunneling through
    applications. Application-level firewalls are something that any
    critical infrastructure company needs to look at...

    But saying this, I think that nearly by definition most attacks are on
    the application layer: how many attacks employ IP header or TCP header
    vulnerabilities?

    ~ Ofer

    Ofer Shezaf
    CTO, Breach Security

    Tel: +972.9.956.0036 ext.212
    Cell: +972.54.443.1119
    ofers@breach.com
    http://www.breach.com

    > -----Original Message-----
    > From: Marcus J. Ranum [mailto:mjr@ranum.com]
    > Sent: Monday, February 14, 2005 6:47 PM
    > To: Ofer Shezaf; firewall-wizards@honor.icsalabs.com
    > Subject: RE: [fw-wiz] Application-level Attacks
    >
    > Ofer Shezaf wrote:
    > >There is also a well know study by Gartner that says that
    > >75%-80% of attacks are carried on the application layer.
    >
    > Do you have a reference for this one? I'd like to look at the
    > methodology behind it...
    >
    > mjr.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Marcus J. Ranum: "RE: [fw-wiz] Application-level Attacks"

    Relevant Pages

    • Re: Tools/Software Toolkits
      ... > Audit your website security with Acunetix Web Vulnerability Scanner: ... > login pages, dynamic content etc. Firewalls, SSL and locked-down servers are ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • RE: nmap results
      ... Is these sequential ports udp or tcp, and if u r scaning against a firewall? ... Audit your website security with Acunetix Web Vulnerability Scanner: ... login pages, dynamic content etc. Firewalls, SSL and locked-down servers are ... Cross site scripting and other web attacks before hackers do! ...
      (Pen-Test)
    • Re: How to choose an IDS/FW MSS provider
      ... detect attacks by inspecting layer 3 headers for prohibited IP ... Layer 4 firewalls detect ... facility with an IDS or IPS deployed. ...
      (Focus-IDS)
    • Re: Are Fragmentation Attacks Still Used for IDS/IPS Evasion?
      ... I was just reading up on fragmentation attacks using ... since almost all firewalls both ... buy it or download a solution FREE today! ...
      (Pen-Test)
    • Re: Im ignorant - can someone please explain...
      ... > I hope someone can explain this to me as I know ziltch about firewalls. ... most attacks are coming from self replicating worms and are using blocks ... The link talks about all the MS O/Sand how to protect them. ...
      (comp.security.firewalls)