Firewall Wizards mailing list archives
RE: Application-level Attacks
From: "Bill Royds" <bill () royds net>
Date: Sun, 30 Jan 2005 14:02:01 -0500
Perhaps the distinction is really between data attacks versus protocol attacks, no matter what layer the attack occurs. In an protocol attack, one attacks the network protocol itself using syntax manipulation. In a data attack, one wants to access or change the data at the information level to attack the business itself by fraud etc. Past attacks often had the effect of halting computer operations for a period, but did not affect the overall enterprise. Nowadays, as business and computer networks become intricately linked, attacking the computers and networks attacks the main business. This also means the IT security becomes fundamental to enterprise security. For many businesses their connection to the Internet is as important as their connection to the water and power grids. Firewalls have traditionally worked by ensuring that the protocols they monitor were valid but did not restrict much the actual information content of the data that passed through. They ensured safe syntax. Newer tools like IPS or web filters are attempts to handle attacks at message content level by having an idea of what is valid in the business context, not just the network protocol context. Since each business context is different, they are much harder to tune than before. But the need for filters at this level is becoming more and more apparent as the attacks shift away from lower level technology to high level information. -----Original Message----- From: firewall-wizards-admin () honor icsalabs com [mailto:firewall-wizards-admin () honor icsalabs com] On Behalf Of Adam Shostack Sent: Saturday, January 29, 2005 4:29 PM To: Frederick M Avolio Cc: Marcus J. Ranum; firewall-wizards () honor icsalabs com Subject: Re: [fw-wiz] Application-level Attacks <snip> I think we need a better term than application layer attacks (as this conversation shows.) I don't think that we're seeing technically new attacks, but rather a re-orientation of the attackers, why they're attacking, and what they're after. Unfortunately, analysts are talking about this a fair bit, and they're doing so in ways that are confusing people. Adam _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Application-level Attacks, (continued)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Devdas Bhagat (Jan 28)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Devdas Bhagat (Jan 28)
- Re: Application-level Attacks Adam Shostack (Jan 28)
- Re: Application-level Attacks Frank Knobbe (Jan 28)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Adam Shostack (Jan 30)
- Re: Application-level Attacks Frederick M Avolio (Jan 30)
- Re: Application-level Attacks Adam Shostack (Jan 30)
- RE: Application-level Attacks Bill Royds (Jan 30)
- Re: Application-level Attacks Danny (Jan 28)
- Re: Application-level Attacks Crispin Cowan (Jan 28)
- Re: Application-level Attacks Paul D. Robertson (Jan 28)
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- Re: Application-level Attacks Paul D. Robertson (Jan 29)
- Re: Application-level Attacks Dean A Weber (Jan 28)
- Re: Application-level Attacks Dave Piscitello (Jan 28)
- Re: Application-level Attacks R. DuFresne (Jan 28)
- Message not available
- Re: Application-level Attacks Marcus J. Ranum (Jan 29)
- RE: Application-level Attacks Ben Nagy (Jan 28)