White Paper
Evading Detection
You’ve deployed various security devices for intrusion prevention and detection, but hackers are always looking for ways to bypass that barrier to deliver malware to your mission-critical systems. These workarounds are called evasions. A well-written evasion can carry a full session in packets that completely sidestep security systems.
Many security devices have ways of normalizing data and detecting these types of compromises. However, these features are typically not enabled when devices are initially deployed because they have a huge overhead in terms of processing time. For the same reason, evasion detection is often left out of the proof of concept (PoC) when new security gear is evaluated. But what if you want to enhance your intrusion prevention/detection system (IPS/IDS) or next-generation firewall (NGFW) protection by turning on the evasion detection feature? You’ll want to test and hone it in the lab first.