With the most recent ActiveX vulnerability (CVE-1136-2009) still very fresh and the attacks still evolving, reactive protection mechanisms need to be updated rapidly for such exploits, and since the exploit is quite easy to modify and obfuscate, they have their work cut out for them. Still, some out there might get lulled into feeling safe and above all of this, e.g.:
So what would I do in a corporate setting?
Swa 760 Posts Jul 14th 2009 |
Jul 14th 2009 1 decade ago |
That is an important point about https and IPS. The one I use has the ability to do a man-in-the-middle of HTTPS using a cert that we issue to all computers as trusted.
I have noticed most exploits now come through https for exactly this reason. A redirect from a standard http website will point to a https server that contains the actual malware. Most IPSes will fail to detect anything unless they are inspecting inside SSL.
Jason 9 Posts |
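
The blind spot described in the comment above, as an added example that is not part of the original thread: it scans proxy log lines for a plain-HTTP redirect to an HTTPS server on a different host and reports the cases where the proxy tunnelled the HTTPS leg without inspecting it. The seven-field log format, the final inspected yes/no column, and all hosts and addresses are constructed assumptions.

```python
from urllib.parse import urlsplit

# Constructed proxy log (assumed format, not from the thread):
# timestamp client method url status location tls_inspected
SAMPLE_LOG = """\
2009-07-14T10:00:01 10.0.0.5 GET http://news.example/story 302 https://cdn.bad.example/x.html -
2009-07-14T10:00:02 10.0.0.5 CONNECT cdn.bad.example:443 200 - no
2009-07-14T10:01:10 10.0.0.7 GET http://shop.example/ 301 https://shop.example/ -
2009-07-14T10:01:11 10.0.0.7 CONNECT shop.example:443 200 - yes
2009-07-14T10:02:00 10.0.0.9 GET http://blog.example/post 302 https://files.other.example/a -
2009-07-14T10:02:01 10.0.0.9 CONNECT files.other.example:443 200 - yes
"""


def find_uninspected_redirects(log_text):
    """Return (client, http_host, https_host) for each cross-host HTTP->HTTPS
    redirect whose follow-up tunnel was passed through without inspection."""
    pending = {}   # (client, https_host) -> host that issued the redirect
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7:
            continue  # skip malformed or truncated lines
        _ts, client, method, url, status, location, inspected = fields
        if method == "CONNECT":
            host = url.rsplit(":", 1)[0].lower()
            source = pending.pop((client, host), None)
            # Only tunnels that follow a recorded redirect are considered.
            if source is not None and inspected == "no":
                findings.append((client, source, host))
        elif status.startswith("3") and location != "-":
            src, dst = urlsplit(url), urlsplit(location)
            # Same-host upgrades to HTTPS are ignored; only a hand-off to a
            # different server matches the pattern described in the comment.
            if (src.scheme == "http" and dst.scheme == "https"
                    and dst.hostname and dst.hostname != src.hostname):
                pending[(client, dst.hostname)] = src.hostname
    return findings


if __name__ == "__main__":
    for client, source, target in find_uninspected_redirects(SAMPLE_LOG):
        print(f"{client}: {source} redirected to uninspected HTTPS host {target}")
```
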
Jul 14th 2009 1 decade ago |
How would providing two browsers to the users improve security? Unless you have a way to force everyone to use one or another, you're just doubling the attack surface while requiring you to maintain two platforms instead of one (and I'm not even mentioning all the plugins, addons and other helpers).
Jason 16 Posts |
Jul 14th 2009 1 decade ago |
@Jason: take care with obfuscation techniques, encryption is just one of the many challenges for IDS/IPS (and AV) in things like this.
@Stephane: the key is to have that method to enforce the switch if and when you feel it is warranted/needed. The unpredictable nature also helps in not getting caught and losing it all. Would you rather have half of your users infected twice as often or all of them less often? Since it's a client (not a server) it's only exposed when used, so somebody never using the other browser doesn't really double the attack surface to that user. There are dozens of ways to block a given browser, ranging from simply asking the users to enforcing it via custom signatures in AV, global policies, proxies that refuse service and many more.
Swa 760 Posts |
Jul 14th 2009 1 decade ago |
Don't forget YOUR own man in the middle, your web proxy servers that should be inspecting/protecting this traffic as well
Swa 5 Posts |
Jul 14th 2009 1 decade ago |
Talking of which......
Mozilla Firefox Memory Corruption Vulnerability http://secunia.com/advisories/35798/3
Karl 14 Posts |
Jul 14th 2009 1 decade ago |
While not perfect, we rely heavily on our IPS. They have a filter available for the vulnerability, but cannot or will not release it until Microsoft pushes the patches. Don't know if that's a case of ethics getting in the way of a layered defense or what.
Dean 135 Posts |
Jul 14th 2009 1 decade ago |
So now we have zero day IE and Firefox vulnerabilities... I guess it is time to consider a 3 or 4 browser approach? :) What are the odds 4 browsers will have an unpatched zero day at the same time?
Dean 2 Posts |