
IPS Evader Testing Tool Update

Retired Member

At Palo Alto Networks, we are committed to the security of our customers. As part of this commitment, we take evasions of security very seriously. Building products that defeat such evasions remains central to our approach and has been one of our guiding principles as we enable our customers to overcome more widespread evasions. The reality, as we see it, is that evasions happen every day, but often using unsanctioned applications, encryption applications, file sharing apps, and more. These evasion techniques are very easy for attackers to use, and legacy security technologies are simply not equipped to handle them. We also recognize that there are complicated evasions, such as reversing the TCP handshake to bypass normal security measures. And while many of these evasions are made ineffective with modern operating systems, or are not accessible without first gaining a foothold inside the network, we take them seriously as well.

 

As part of ensuring that our products are able to block scans or evasion attempts, we are continually looking for new applications, evaluating various attack toolkits, maintaining an inventory of such testing tools, testing our devices with them, and performing additional third-party penetration tests. One such tool, among the many we use, that has been part of our testing for over 3 years is the McAfee/Stonesoft IPS Evader Tool.

 

It was recently brought to our attention that our devices were not stopping several layered evasions that allowed attacks to succeed over the SMB protocol. While these evasions would naturally be limited by policy limits on SMB itself and the obscurity of the layered evasion techniques, we took this very seriously. Once we understood the necessary reproduction information, we verified the findings and addressed the evasions through dynamic content update version 549-3088. This content release is now available and devices configured to perform scheduled content updates will download and install the update automatically. In addition to the content release, we have updated our best practices on securing the network from L4 and L7 evasions.

 

If you have any questions related to this issue or the content update process, please do not hesitate to reach out to our Support team.

 

Regards,

The Palo Alto Networks product management team
