Our firewall and IPS partner Stonesoft have just released a free tool called Evader that allows organisations to test the capability of perimeter security solutions in defending against attacks using Advanced Evasion Techniques (AETs).
Let’s just rewind a moment and discuss what AETs are. An advanced evasion technique is the name given to a class of stealth measures that attempt to hide an exploit from a firewall or intrusion prevention device, thus ensuring that the exploit is not detected and blocked, but is delivered to the target system. AETs combine many types of cloaking techniques in one attack, making it very difficult to detect the actual exploit.
Tests by Stonesoft on a number of firewall and IPS platforms in use today have revealed that many are not able to detect exploits when they are hidden using AETs. This means that many organisations may have perimeter security solutions that are allowing exploits to pass undetected to servers within the DMZ or internal network. If a server is vulnerable to the specific exploit, then the server will be compromised, leading to potential data loss, service down-time and reputational damage.
The Evader tool is a free download that permits an organisation to test its readiness for these AET attacks. The tool essentially consists of a “victim” OS with a vulnerability and an attacker OS with an exploit for the vulnerability. Firstly, we can demonstrate the vulnerability working when the two are connected together. Secondly, we can demonstrate that the customer’s perimeter security solution blocks the exploit by placing the victim and attacker on either side of the perimeter.
Finally, the interesting bit: we run the same attack, but now with AET enabled. If the perimeter solution does not detect the exploit, then the victim is once again compromised. This free test quickly demonstrates the effectiveness of a company’s perimeter security solution against AET attacks.
We’re currently building a lab at Network Defence with the free tool, and we’d be happy to bring it out to you and test your defences to see if they are capable of withstanding an AET attack. Let us know by email to firstname.lastname@example.org if you’d like to see this in action.
Next time I’ll talk about ways of mitigating these attacks.