Unmasking Network and Data Evasions
A well-written evasion can enable full sessions carried in packets that completely sidestep security systems. Many security devices have ways of normalizing data and detecting these types of compromises. However, they typically are not enabled when devices are initially deployed because they have a huge overhead in terms of processing time. But what if you want to enhance your intrusion prevention/detection system (IPS/IDS) or next-generation firewall (NGFW) protection by turning on the evasion detection feature? You’ll want to test and hone it in the lab first. Read this document to learn more about the top evasion techniques and how Ixia's BreakingPoint can help you make informed decisions on the trade-off between prevention and performance.