Entercept Continues to Dominate the Market in Buffer Overflow Protection; First Solution to Protect Against the Return-into-Libc Attack Technique.

Business Editors/High-Tech Writers

Entercept(TM) Security Technologies, the proven leader in intrusion prevention software, today released more details about a new type of buffer overflow attack technique affecting enterprise servers. Using this technique, known as Return-into-libc, an attacker can potentially take over the server, causing costly damage to enterprises. Corporations should be concerned because the technique is so generic that many existing prevention technologies, including those mechanisms built into widely used operating systems, are not relevant protection for this type of attack method.

Research conducted by Entercept's Ricochet Team(TM) reveals additional information on the potential threats of this new hacking method. Return-into-libc is a buffer overflow exploitation technique that can give attackers root access to machines. If an attacker gains full control of a server, he/she can potentially steal confidential information, alter system configurations, execute commands, and/or install backdoors.

Unlike traditional buffer overflow exploitation methods that attempt to execute malicious code that is injected into the overflowed area, Return-into-libc executes existing code residing in a program's text segment. Return-into-libc tricks the OS into calling a commonly used function residing in one of the standard libraries that most programs contain. This library, "libc," contains various functions, including several that execute arbitrary commands. To use this technique, an attacker overflows a vulnerable buffer, but does not place executable code in the buffer, as with more common exploitations. Entercept identifies malicious execution of these libc functions, thereby accurately identifying the Return-into-libc condition.

Entercept's patented solution safeguards servers against all types of buffer overflows and is the only solution available to provide protection against the Return-into-libc technique, without any signature or code updates.

"Buffer overflow attack techniques continue to evolve and evade traditional protection mechanisms to compromise server resources and data, putting businesses at risk," said Richard Stiennon, research director for Gartner, Inc.
"Server side hardening and protective measures that address server operations instead of signature only are needed to protect critical computing assets."

Buffer overflow attacks are increasing. Over 60% of the CERT(R) (Computer Emergency Response Team) advisories deal with buffer overflow exploits and the trend continues to rise. In addition, the techniques used to execute buffer overflows are becoming more and more sophisticated. Since March of 2002, Microsoft has issued over 10 advisories for various types of buffer overflows. Likewise, other well-known operating systems are also falling victim, putting enterprise assets at risk.

Entercept stays ahead of techniques like Return-into-libc by examining current and future avenues of attack and building this knowledge into Entercept's flagship intrusion prevention solution. Entercept's Ricochet Team advises enterprises to implement a defense-in-depth security strategy that includes proactive, best-of-breed solutions like Entercept.

"There are thousands of known buffer overflow exploits that use code injection to compromise a system. Entercept has always protected against these," said Dr. Yona Hollander, vice president of security research for Entercept Security Technologies and leader of the Ricochet Team. "Return-into-libc is definitely a next-generation buffer overflow exploitation technique that requires advanced intrusion prevention and cannot be stopped by traditional protection methods."

About Entercept Security Technologies

Entercept Security Technologies is the proven leader in intrusion prevention software. Based on patented technology, Entercept safeguards the entire server by preventing known and unknown malicious attacks.
Unlike other security solutions, Entercept uses a combination of behavioral rules and signatures to proactively prevent attacks rather than merely detecting and reporting them after they occur. Strategic partners include Cisco, Check Point, Foundstone and other leading companies. Entercept has received numerous awards and industry recognition, including Network Magazine's 2002 & 2001 Product of the Year, Fortune Small Business Magazine's '65 Big Ideas List,' SC Magazine's 'Best Pick of the Year 2000 and 2001,' InfoWorld magazine's 'Business Impact of the Year Award,' and InfoWorld magazine's Readers Choice 'Security Product of the Year.'

Entercept Security Technologies (www.entercept.com) is headquartered in San Jose, Calif., and can be reached by calling 408/576-5900, or toll-free at 800/599-3200. Entercept's European offices can be reached by calling 44-208-387-5500. Entercept is a registered trademark in the United States and other countries.