About

This page contains a single entry from the blog posted on December 6, 2006 8:51 AM.

Hardware virtualization and malware attacks

There are new tools on the horizon that will help enterprises fight malware as well as open up new avenues for malware attacks. In this podcast, a security architect for Intel discusses the company's new hardware virtualization.

The advantages given in the presentation include:
* the ability to embed intrusion-detection deep packet inspection directly in the hardware, thus avoiding the need for separate appliances
* the ability to ensure that all machines on the network have minimum security configurations
* the ability to wake up machines in sleep or down mode, scan the system, deliver updates and put them back into sleep or down mode
* the ability to prevent rootkit attacks; from a response perspective, isolate the system and use the out-of-band management channel to remotely clean the system

What wasn't mentioned were the new types of attack vectors that hardware virtualization brings, i.e. Blue Pill-type attacks. Currently, there are no defenses against this type of attack.

Further, the interview portrays the ability to have "deep packet inspection" as the main way to deter malware attacks. The problem with current attacks is that the attack signature patterns are changing every 30 minutes. Thus, no matter how deep the inspection goes, if only signature patterns are used, this type of defense on its own won't prevent malware attacks from succeeding.

Generally, the overall management of the enterprise's security systems should be helped by the ability to update patches quickly regardless of whether the computer is off or in sleep mode. Further, the ability to embed security intrusion detection systems in the hardware will also reduce operating costs long term.

BUT, the rest of the spiel is just that, a sales spiel. There is no one technology that is going to provide a silver bullet. In fact, the new technologies come with their own challenges. Therefore, you need to have multiple layers of strong identity authentication security behind the firewall to contain the damage when attacks pass through the perimeter.

Guy
www.authenticationworld.com
guy.huntington@authenticationworld.com
