In this case, it’s a great example of a false positive, or collateral damage, generated through guilt-by-association there’s nothing inherently bad about NOPs, it’s just that exploit writers use them a lot, and IPS vendors decided that made them suspicious. This isn’t malicious by itself, but is a common letter with which people pad exploits (see 24.6↓). At the current moment, you can find out if your traffic is passing through an IPS by trying to send a long string of 0x90 octets (x86 NOPs) in a session. Because of this, intrusion detection systems (see 16↓) often simply guess they try to detect attacks unknown to them by looking for features that are likely to be present in exploits but not in normal traffic.
So often we can’t enumerate all the things we would want to do, nor all the things that we would not want to do. Secure from whom? A site may be secure against outsiders, but not insiders. Secure to whom? A web site may be secure (to its owners) against unauthorized control, but may employ no encryption when collecting information from customers. Alternately, I could refer to access-control equivalence between two firewall implementations in this case, I am discussing objects which implement a security mechanism which helps us achieve the security goal, such as confidentiality of something. To be perverse, these last two examples could be combined if the information in the first example was actually the keys for the cryptosystem in the second example, then disclosure of the first could impact the confidentiality of the keys and thus the confidentiality of anything handled by the cryptosystems. Or I could say that two cryptosystems are confidentiality-equivalent, in which case the objects help achieve the security goal. In this case, I’m discussing objects which, if treated improperly, could lead to a compromise of the security goal of confidentiality.
I consider two objects to be security equivalent if they are identical with respect to the security properties under discussion for precision, I may refer to confidentiality-equivalent pieces of information if the sets of parties to which they may be disclosed (without violating security) are exactly the same (and conversely, so are the sets of parties to which they may not be disclosed).
0 kommentar(er)
