AVAYA LABS UNVEILS FREE LINUX SECURITY SOFTWARE.
As a result, Libsafe 2.0 protects against the two most common forms of security attacks: "buffer overflow" and "format string." Libsafe extends its protection to all application programs running on a system, and will even help to protect programs that have vulnerabilities yet to be discovered.
Avaya Labs is the research and development arm of Avaya (NYSE: AV), a provider of business communication solutions and services.
"Enterprises worldwide are deploying servers and communication networks, counting on the high reliability of Linux," said Ravi Sethi, president of Avaya Labs. "Avaya is making Libsafe 2.0 available free to help protect our customers, existing and potential, from malicious security attacks. Our customers already benefit from additional Avaya Labs technology to enhance reliability by protecting against inadvertent errors."
Security is a critical issue for businesses, particularly as they build their data networks. Avaya recently further strengthened its portfolio of security products for businesses by acquiring VPNet Technologies Inc. -- a provider of virtual private networks and services -- and by acquiring certain security-related products from CyberIQ.
Libsafe 2.0 detects and protects against both format string and buffer overflow attacks, which allow a non-authorized user to take control of a server by exploiting loopholes. The loopholes allow a malicious user to insert code into a running program and then hijack control to execute the inserted code instead. The non-authorized user could then access private data or stage attacks against other machines. The attack proceeds by sending carefully formed requests to vulnerable server programs that set the stage for the hacker to write a string of characters that overwrite the server program's memory and trick it into handing control to the attacker.
Earlier this year, the CERT Coordination Center at Carnegie Mellon University in Pittsburgh warned about format string and buffer overflow vulnerabilities in widely-used Internet name-server software called BIND (Berkeley Internet Name Domain). The CERT advisory notes: "Because the majority of name servers in operation today run BIND, these vulnerabilities present a serious threat to the Internet infrastructure."
For the past several years, buffer overflows have been the most common form of computer security vulnerability exploited by intruders, according to the Oregon Graduate Institute of Science & Technology (OGI).
Libsafe was developed by Avaya Labs researchers Navjot Singh and Timothy Tsai.
"It is generally accepted that the best solution to these security attacks is to fix the defective program," said Singh. "But to do that, you have to know the program is defective. Libsafe helps to protect against future attacks, even on programs not yet known to be vulnerable."
Avaya Labs is making Libsafe freely available under the GNU Lesser General Public License. Users and developers who would like further information and the Libsafe source code can visit http://www.research.avayalabs.com/project/libsafe.html.
Libsafe is easy to use, requires no special security expertise and can be installed in minutes. Tests by Avaya Labs have shown that it detects a large number of attacks, while using few computer resources. It requires no modification to the operating system or application.
About Avaya Labs
Building on the heritage of Bell Labs, Avaya Labs is the research and development arm of Avaya, a provider of business communication solutions and services. Avaya Labs delivers competitive, innovative technology for Avaya's customers. Avaya Labs has 1,500 patents and patent applications, and 3,100 R&D professionals in more than 16 locations around the world. Major locations are Denver, Colorado; Holmdel, N.J.; Tel Aviv, Israel; Concord, Mass.; the U.K.; Dallas, Texas; Milpitas, Calif., and Redmond, Wash.
Avaya, headquartered in Basking Ridge, N.J., USA, is a provider of communications systems for enterprises, including businesses, government agencies and other organizations. Avaya offers converged voice and data, customer relationship management, messaging, voice multi-service networking and structured cabling products and services. Avaya is a provider in sales of messaging and structured cabling systems and a U.S. leader in sales of enterprise voice communications and call center systems. Avaya intends to use its leadership positions in enterprise communications systems and software, its broad portfolio of products and services, and strategic alliances with other technology and consulting services leaders to offer its customers comprehensive eBusiness solutions.
Avaya Labs can be found on the World Wide Web at http://www.avaya.com.
For more information, call 908/953-3348.
|Printer friendly Cite/link Email Feedback|
|Comment:||AVAYA LABS UNVEILS FREE LINUX SECURITY SOFTWARE.|
|Article Type:||Product Announcement|
|Date:||May 1, 2001|
|Previous Article:||TIBCO SOFTWARE AND WELLFOUND SPEED E-BUSINESS INTEGRATION.|
|Next Article:||ESPEED SELECTS RSA BSAFE PRIVACY SOFTWARE.|