Swimmer Posted August 25, 2004

Opinion: No, it's not a worm, but HP's Active Countermeasures uses wormlike techniques to find and secure vulnerable systems. Although we shouldn't be afraid, it needs to be used judiciously.

Worms and other malware employ a variety of techniques to find new systems to attack. Many of them scan the network for systems containing specific, remotely exploitable vulnerabilities. Some of the fastest and most successful worms, such as Slammer and Code Red, worked this way.

HP thinks two can play at that game. The company has released its Active Countermeasures technology to a limited beta audience. It's an innovative network scanning tool that looks for systems on the network that "are unmapped or do not comply with security policy, and therefore represent vulnerable points in the network." When it finds these systems, it "automatically deploys policy-driven mitigation techniques." It appears that the scanner actually exploits the vulnerabilities in order to gain control and deploy the mitigation techniques.

Taking the biological metaphor for all it's worth, HP says this is part of a "corporate immune system" that includes other innovative techniques such as a mail server that implements the company's "Virus Throttler," which sets rate-limiting on mail connections to limit the damage that mail worms can do. Joe Pato, a distinguished technologist at HP Labs, spoke about this technology at the RSA conference in San Francisco earlier this year, where he likened the technique to vaccination, in which the patient receives a less virulent form of the infection.

So, it's a network vulnerability scanner with a difference. One might expect Active Countermeasures to be more effective against rogue systems on the network than a conventional scanner, but to what degree?
If a system is not supposed to be there, do you really want to patch it and install your anti-virus client, or do you want to block it off the network somehow and alert the administrator?

It's not hard to imagine many problems resulting from aggressive use of this technology, although not everyone would call all of them problems. For instance, the guest or consultant who connects to the network without going through all of the proper channels first

CA3LE Posted August 25, 2004

Awesome post Swimmer