Temple University

Week 13 – Reading Summary & News

An Intrusion Prevention System (IPS) examines the data and flow of network traffic to detect or prevent vulnerabilities or exploits. This week's reading discusses methods for bypassing different flavors of IPS from various vendors. The methods mentioned are obfuscation (making something unreadable), encryption and tunneling (sending the attack through SSH), fragmentation (splitting malicious packets into fragments; reassembly is tricky; delaying packets) and protocol violations. In some cases, a combination of the methods was required to get through the IPS. Decoy trees and big-endian evasion techniques were also shown to help make the attack successful. An IPS is not meant to be the be-all and end-all of protection, and it needs to be configured or tailored to your environment.
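To see why reassembly is the tricky part from the defender's side, here is an added example (not from the reading or from any vendor's product) that compares per-fragment signature matching with matching after reassembly. The signature, the sample traffic and the verdict names are constructed for illustration, and fragments are modeled simply as (byte offset, data) pairs.

```python
SIGNATURE = b"BLOCK-ME"  # constructed placeholder pattern, not a real signature


def per_fragment_match(fragments):
    """Naive check: search each fragment on its own, with no reassembly."""
    return any(SIGNATURE in data for _, data in fragments)


def reassemble(fragments):
    """Rebuild the payload from (offset, data) pairs given in arrival order.

    Returns (payload, conflicts, gaps). A conflict is a position where two
    fragments carry different bytes, so the result would depend on the
    receiver's overlap policy. A gap is a position no fragment has covered.
    """
    buf, conflicts = {}, set()
    for offset, data in fragments:
        for i, byte in enumerate(data):
            pos = offset + i
            # setdefault keeps the first-arrived byte and lets us compare.
            if buf.setdefault(pos, byte) != byte:
                conflicts.add(pos)
    end = max(buf) + 1 if buf else 0
    gaps = [p for p in range(end) if p not in buf]
    payload = bytes(buf.get(p, 0) for p in range(end))
    return payload, sorted(conflicts), gaps


def inspect(fragments):
    """Verdict after reassembly: ambiguous, incomplete, alert or pass."""
    payload, conflicts, gaps = reassemble(fragments)
    if conflicts:
        return "ambiguous"   # cannot know what the end host will see: block or normalize
    if gaps:
        return "incomplete"  # hold until the missing data arrives or a timeout expires
    return "alert" if SIGNATURE in payload else "pass"


# Constructed sample traffic, listed in arrival order.
SPLIT = [(0, b"GET /BLO"), (8, b"CK-ME HTTP/1.1")]
OUT_OF_ORDER = [(8, b"CK-ME HTTP/1.1"), (0, b"GET /BLO")]
OVERLAP = [(0, b"GET /BLOCK-ME"), (5, b"SAFE-OK!")]
MISSING = [(0, b"GET /"), (9, b"-ME")]
BENIGN = [(0, b"GET /index"), (10, b".html")]

if __name__ == "__main__":
    for name in ("SPLIT", "OUT_OF_ORDER", "OVERLAP", "MISSING", "BENIGN"):
        frags = globals()[name]
        print(name, per_fragment_match(frags), inspect(frags))
```

The "ambiguous" and "incomplete" verdicts are where tailoring to the environment comes in: the sensor has to apply the same overlap and timeout behaviour as the hosts it protects, or drop traffic it cannot interpret unambiguously.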

 

In the news:

Self-encrypting drives are little better than software-based encryption

If a laptop using a self-encrypted drive is stolen or lost while in sleep mode, the security of its data can’t be guaranteed. Companies relying on self-encrypting drives (SEDs) to secure data stored on their employees’ laptops should be aware that this technology is not immune to attack and should carefully consider whether they want to use this rather than software-based approaches.

 
