«According to the CSI/FBI 2006 study:
97% of interviewed companies and administrations were using an antivirus, more than 79% have antispam and antimalware solutions, 98% have a network firewall, 69% have intrusion detection systems.
However ...
65% of these organisations have undergone a viral or spyware attack, 32% have experienced unauthorized access to their internal data and even 15% have suffered from network intrusions ... not taking into account companies with no tool to detect incidents as well as organisations that prefer not to 'acknowledge' intrusion!»

Network security is not web application security!

The perimeter network firewall cannot block all flows and attacks. Indeed, it usually lets HTTP flows (ports 80 and 443) come into the company's networks, as this is usually needed for communication with the outside world. As this specific port is open, more and more applications are using this open door, for instance VoIP as well as peer-to-peer. This HTTP port becomes a real toll-free motorway to penetrate the internal network. More and more applications (including suspicious ones) are encapsulated into HTTP traffic. This is the "everything over HTTP" phenomenon!

Antivirus and other SECURITY TOOLS (among them, some IDS, IPS and web firewalls) are usually signature-based and are mainly efficient for known attacks duly identified by the antivirus vendor. Moreover, an antivirus has to be constantly updated ... the race between vendor, user and hacker is endless ... and you know that a virus generates so many variants!

Other tools include:
- IPS and IDS (other than signature-based), which usually fail to understand the business logic and context of an application
- SSL encryption (and VPN solutions), which can protect against eavesdropping and spoofing but not against malicious traffic that is encrypted from the start
- Vulnerability assessment and patch management offers, which are necessary (but time-consuming!) tasks that will not protect against zero-day attacks
- Authentication tools (such as AAA servers), which can only be used with duly known existing customers.