Network Security Security-Basics

Client to server authentication

Subject: Client to server authentication
Date: Sat, 25 Mar 2006 22:49:23 +0000
Hi all,

I've only recently started working as a security analyst so please be
easy on me if this question is somewhat naive!

The majority of worms and attacks on servers seem to stem from
malicious packet crafting - in particular buffer overflow exploits. 
Since these attacks are usually not from the client software, I am
curious as to why there does not exist a security product on the
market that blocks requests to a server that do not originate from the
respective client software.  Such a product would for example only
allow requests from Outlook to be handled by the Exchange server,
dropping any requests that originate from a virus, worm or attacker on
the network.  This product could come in the form of an agent that
sits on each desktop and server in the network, checking that the
software opening sockets is in line with the security policies outlined
by the business.  Using encryption, the product could ensure that
untrusted machines are not able to mimic valid agents.

Does anyone have any thoughts on this matter?
Adam Blake
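
A minimal sketch of the scheme proposed in the message above, added here as an illustration and not part of the original post: a desktop agent signs a claim about the process opening a socket, and a server-side agent verifies the tag, rejects replays, and applies an allowlist. The shared key, the policy table, port 135, and the host and process names are all constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed policy: server port -> executable names allowed to connect.
# The port and process names are sample values, not taken from the post.
POLICY = {135: {"outlook.exe"}}


def _tag(key: bytes, claim: dict) -> str:
    """HMAC-SHA256 over a canonical JSON encoding of the claim."""
    msg = json.dumps(claim, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def agent_attest(key: bytes, host: str, exe: str, port: int, nonce: str) -> dict:
    """Desktop agent: describe the process opening the socket and sign the claim."""
    claim = {"host": host, "exe": exe.lower(), "port": port, "nonce": nonce}
    return {"claim": claim, "tag": _tag(key, claim)}


def server_verify(key: bytes, token: dict, seen: set):
    """Server agent: authenticate the claim, reject replays, then apply policy."""
    claim = token["claim"]
    # Constant-time comparison; fails for any sender without the agent key.
    if not hmac.compare_digest(_tag(key, claim), token["tag"]):
        return False, "bad tag"
    if claim["nonce"] in seen:
        return False, "replayed nonce"
    seen.add(claim["nonce"])
    if claim["exe"] not in POLICY.get(claim["port"], set()):
        return False, "process not allowed by policy"
    return True, "ok"


if __name__ == "__main__":
    key, seen = b"k" * 32, set()  # constructed shared agent key
    for exe, nonce in [("OUTLOOK.EXE", "n1"), ("worm.exe", "n2"), ("OUTLOOK.EXE", "n1")]:
        token = agent_attest(key, "desk1", exe, 135, nonce)
        print(exe, nonce, server_verify(key, token, seen))
```

The tag shows only that the sender holds the agent key; the `exe` field is whatever the agent on that desktop reported, so the check is only as trustworthy as the desktop the agent runs on.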
