Monday, May 19, 2008

DARK READING...

May 2008

New intrusion tolerance technology treats attacks as inevitable.

First there was intrusion detection, then intrusion prevention, and now, intrusion tolerance. A professor and researcher at George Mason University is readying the commercial rollout of a new, patent-pending technology that basically assumes an attack or infection on a server is inevitable, so it instead minimizes the impact of an intrusion.

Called self-cleansing intrusion tolerance (SCIT), the new security method does not replace IDS, IPS, firewalls, or other traditional security tools, but rather adds another layer that minimizes the damage of an attack, says the professor of computer science and director of the Laboratory of Interdisciplinary Computer Science at GMU in Fairfax, Va.

"An intruder is going to get through irrespective of how much investment you make [with security tools] and how hard you try. It's about how you contain" an intrusion, he says. "Intrusion tolerance is different than intrusion detection and intrusion prevention - it doesn't do any detection and prevention," he says. "Today's servers are all exposed. We try to contain the losses by reducing the exposure time of the server to the Internet."

The professor, who will outline his SCIT technology this week at IntrusionWorld in Baltimore, says the basic idea is to regularly rotate Web, DNS, or other servers on- and offline to "cleanse" the exposed machine to a previously unblemished state that has never been online - and automatically have another clean (virtual) machine take its place. This cycle would occur at regular intervals, regardless of whether an intrusion had occurred or not.

It's a fatalistic approach to Internet-borne attacks: "Because servers are online for such a long time, if someone wants to deliberately intrude, he has a sitting duck on which he can work," he says.
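The rotation cycle described above, sketched as a small simulation. This is an added example, not SCIT's implementation and not code from the article. The pool size, exposure window, cleanse time and the one-VM-online-at-a-time model are all assumptions. It shows that an intruder's foothold lasts less than one exposure window even though nothing is ever detected.

```python
from dataclasses import dataclass

@dataclass
class VM:
    name: str
    state: str = "clean"     # clean -> online -> cleansing -> clean
    ready_at: int = 0        # time at which cleansing finishes
    tampered: bool = False   # True once an intruder has modified this instance

def simulate(pool_size, exposure, cleanse, horizon, intrusion_at):
    """Rotate VMs every `exposure` seconds whether or not anything was detected.

    Returns (dwell, reused_dirty): seconds the intruder's foothold stayed
    online, and whether a tampered VM was ever put back into service.
    All parameters are hypothetical values chosen for illustration.
    """
    # A clean replacement must exist at every rotation.
    if (pool_size - 1) * exposure < cleanse:
        raise ValueError("pool too small: no clean VM ready at rotation time")
    pool = [VM(f"vm{i}") for i in range(pool_size)]
    online, went_online = pool[0], 0
    online.state = "online"
    compromised_at = dwell = None
    reused_dirty = False
    for t in range(1, horizon + 1):
        for vm in pool:  # cleansing done: instance is back to the pristine image
            if vm.state == "cleansing" and t >= vm.ready_at:
                vm.state, vm.tampered = "clean", False
        if t == intrusion_at:  # constructed event: intruder alters the exposed VM
            online.tampered, compromised_at = True, t
        if t - went_online >= exposure:  # timer-driven, not detection-driven
            if online.tampered and dwell is None:
                dwell = t - compromised_at
            online.state, online.ready_at = "cleansing", t + cleanse
            online = next(vm for vm in pool if vm.state == "clean")
            reused_dirty |= online.tampered
            online.state, went_online = "online", t
    return dwell, reused_dirty

if __name__ == "__main__":
    # 3 VMs, 60 s online each, 90 s to restore; intrusion at t=100
    print(simulate(3, 60, 90, 600, 100))
```

The pool-size check is the operational constraint of this model: shortening the exposure window or lengthening the restore step both require more standby instances.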
