A fundamental problem for network intrusion detection systems is the ability of a skilled attacker to evade detection by exploiting ambiguities in the traffic stream as seen by the monitor. This paper discusses the viability of addressing this problem by introducing a new network forwarding element called a traffic normalizer. The normalizer sits directly in the path of traffic into a site and patches up the packet stream to eliminate potential ambiguities before the traffic is seen by the monitor, removing evasion opportunities. The paper examines a number of tradeoffs in designing a normalizer, emphasizing the important question of the degree to which normalizations undermine end-to-end protocol semantics.
Did you find this white paper useful?
Related white papers
Balancing Security Against Productivity
What makes for great security? Is it about keeping the bad guys out or letting the good guys in? About defending attacks or preventing them? When IDG Research Services queried...
Novell Zenworks Endpoint Security Management: Total Control from a Single Console
Still super gluing your USB ports shut? Unauthorized access to networks, lost or stolen laptops and other mobile hardware, and theft of proprietary information or intellectual property accounted for more...
Secure Desktop On-Demand Webcast
The desktop or endpoint is one of the most vulnerable parts of your environment. Threats are everywhere. You have users who love to experiment with device settings (only to wonder...
Commercial Leasing Company Increases Security With Desktop Operating System Solution
Signature Capital provides customized vehicle and equipment financing packages to meet the specific financial needs of its clients. As a small startup company, Signature Capital was lacking the resources it...
Stop Spam and Email-Borne Threats With Symantec's New Hosted Mail Security Solution
Organizations of all sizes are coping with threats to business productivity and security from spam, viruses and worms, and other email-borne content. To combat these attacks, Symantec provides industry-leading email...
Small Business Webcast: Upgrade Today: An Overview of Windows XP Service Pack 2 - Level 100
Did you know that the Windows XP Service Pack 2 has a number of security enhancements to help you protect your PC? In this webcast, you will find out more...
Securing SMBs Against Spam and Virus Threats
This white paper from St. Bernard Software explains why spam and viruses are particularly tough to eliminate in small- and medium-sized businesses (SMBs) that can't dedicate IT staff to combating...
