StoneGate™ IPS Detects And Blocks Attacks That Use New Evasion Techniques Announced By CERT/CC

Published 16th May 2007

Reading, UK – 15 May, 2007 – Stonesoft Corporation, an innovative provider of integrated network security and business continuity solutions, announces that the new StoneGate IPS versions 4.0 and later are capable of detecting and blocking attacks that use the new evasion technique reported by CERT Coordination Center (CERT/CC).

According to the CERT/CC vulnerability note published on 15 May 2007, the new evasion technique is used for bypassing intrusion detection/prevention systems that scan HTTP traffic. The attacker can bypass security controls of an IDS/IPS using encoded data with HTTP POST method. If the IDS/IPS does not decode Fullwidth Unicode encoded HTTP POST request data, an attack will not be detected and can cause damage within the web server.

“The new StoneGate IPS contains very effective normalisation for HTTP client requests”, says Mika Rautila, Chief Technology Officer at Stonesoft. “IPS protects corporate networks quickly and without downtime. Bringing down business-critical services for maintenance means lost revenue, but with StoneGate IPS, security vulnerabilities can be patched without the need for unscheduled maintenance breaks.”

The StoneGate™ secure connectivity solution comprises of a Firewall and an Intrusion Prevention System (IPS). The StoneGate IPS, comprising of an IDS (Intrusions Detection System) and an IPS, defends the network proactively by detecting malicious packets within regular network traffic and blocking them before any damage occurs. Implementing StoneGate IPS expands the defence further within networks enabling comprehensive, multi-dimensional network security. StoneGate Firewall and IPS work together to provide intelligent defence throughout the enterprise network.