A high-profile security researchers believe companies can reduce the use of non-malicious worms network security costs, and begin to take action, working to launch a new framework to build the "controllable worm", in order to bring benefits for the enterprise.
New York State Immunization corporate loopholes researcher Dave Aitel held in the Malaysian capital Kuala Lumpur, Hack In The Box conference demonstrated a on "nematodes (Nematode)" Framework of class procedures, he stressed that the worm will become a good corporate security policy an important component.
In an interview with Ziff Davis Internet journalists interview, Aitel said: "We are trying to change the way people think, we do not want people to think this is impossible. Building beneficial to the use of worms and it is entirely possible, and will firms are implemented. "
Over the years, security experts have been looking on with a good worm and malicious worms, destruction of the concept of holding debate: Some people think that is a worm with a worm attack strategy and construct a good time for the worm to solve the problem, but some people do not think so, because the replication process-related motor disorder people feel confused.
Aitel is the former, he believes the worm antivirus technology can significantly reduce the cost and maintenance of networks, it is inevitable.
Aitel said: "We have already verified only need to use a very simple flaw, after a few steps, take a few minutes, you can make a working worm."
He took the "worm" is the name, because often with some sharp tail of the worm to control pests in crops. Aitel explained: "We can in any way we want to generate the worm, you can create a program of activities to strictly control the nematode worm."
Aitel to Stake member company of Office to do before decoding, in NSA (National Security Agency, National Security Agency) has done 6 years of computer scientists. He firmly believed that the worm could provide answers in order to reduce security costs.
He saw some ISP, government departments and some large companies use "strictly controlled" nematodes significantly reduced cost.
Hack In The Box in the General Assembly to do the report, Aitel lists the reasons for making the worm, and explains why good worms for the control of strict protocol.
He said that loopholes in the existing information can automatically make the worm, he even show off a new programming language specially crafted worms.
Aitel admit there are some potential problems, he noted that the worm is very difficult to write, and will take up a lot of network bandwidth. It is difficult to hit and control the worms, he said, IT administrators live in constant fear.
The concept put forward, including the "worm" of use, only to respond to attacks from the network and clear the NIL (Nematode Intermediate Language, nematodes intermediary language) of the server can be used as a simplified special "worm assembly."
NIL can be quickly and easily put into the worm holes. Aitel that, in some cases, you can write directly to the vulnerability to further simplify the virus in the NIL process.
Aitel claimed: "This will be your tool kit as part of the security team", he stressed that their company's work is a "proof of concept of class (research-level proof of concept)", can be useful to use the theory of the details of the worm of.
Aitel said: "If you look at the cost of maintaining the security of large networks, most of the CIO agreed to pay this strategy. With the concept of the worm, you can use automation to get more with less protection. This is the development of these new technologies the driving force behind. "
He added: "Technology is the next step until the worm a foot pad, we have two stages away. Our goal is to build automatically using automation technology self-protection network. We believe that this technology a reality as you can enjoy the product, only to spend up to 5 years. "
"We have a engine that can be exploited and put them into a worm, so that you can into the control mechanism. Enterprise will certainly be interested in this."
没有评论:
发表评论