The Standards Balancing Act
Too often, tight protocol standards are not considered significant in information security. But a recent bug in a popular open-source intrusion-detection system highlights the importance of adherence
June 15, 2006
A recently revealed flaw in Snort, a popular open-source intrusion-detection system used by many corporations and government agencies, could let an attacker subvert many of Snort's HTTP content-inspection rules simply by manipulating Snort's implementation of the HTTP standard. Closer adherence to the standard might have prevented this flaw.
Too often, tight protocol standards are not considered significant in information security, but this bug highlights the importance of adherence to industry standards.
The standards war has been raging for years. At one extreme are companies like Microsoft that often ignore existing specifications and create their own redundant protocols to lock users into their products. At the other extreme are people like Dan Bernstein, a University of Illinois professor who has gone so far as to make his popular mail server, qmail, refuse service to mail clients that do not precisely follow protocol standards (resulting in some undelivered mail). Where on this spectrum the happy medium lies remains to be seen, but perhaps this latest flaw in Snort will bring attention to the importance of strict standards.
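The article does not describe the mechanics of the Snort bug, and the following is not Snort's code or a reproduction of that flaw. It is an added example illustrating the general principle the article argues for: an inspection engine that accepts only the RFC 2616 request-line grammar has no tolerant corner cases in which it can diverge from the server it protects, whereas a "liberal" parser accepts inputs the standard does not define. The sample request lines are constructed for the example, and the two parser functions are assumptions of the example, not any product's API.

```python
import re
from typing import Optional

# RFC 2616 section 5.1: Request-Line = Method SP Request-URI SP HTTP-Version CRLF
# A strict validator accepts exactly that grammar: one space between fields,
# a token as the method, a digit.digit version, and a CRLF terminator.
_TOKEN = rb"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_STRICT_REQUEST_LINE = re.compile(
    rb"\A(" + _TOKEN + rb") ([^ \t\r\n]+) HTTP/(\d+)\.(\d+)\r\n\Z"
)


def parse_strict(line: bytes) -> Optional[dict]:
    """Return the parsed request line, or None if it deviates from the RFC grammar."""
    m = _STRICT_REQUEST_LINE.match(line)
    if m is None:
        return None
    method, uri, major, minor = m.groups()
    return {
        "method": method.decode("ascii"),
        "uri": uri.decode("ascii", errors="replace"),
        "version": (int(major), int(minor)),
    }


def parse_lenient(line: bytes) -> Optional[dict]:
    """A 'be liberal in what you accept' parser (hypothetical): any run of
    whitespace separates fields, any line ending is tolerated, and the version
    token is matched case-insensitively. Each tolerance is a place where two
    implementations of the same protocol can disagree about a request."""
    parts = line.strip().split()
    if len(parts) < 3:
        return None
    method, uri, version = parts[0], parts[1], parts[2]
    m = re.fullmatch(rb"HTTP/(\d+)\.(\d+)", version, re.IGNORECASE)
    if m is None:
        return None
    return {
        "method": method.decode("ascii", errors="replace"),
        "uri": uri.decode("ascii", errors="replace"),
        "version": (int(m.group(1)), int(m.group(2))),
    }


def compare(lines):
    """For each request line, record what each parser produced and whether
    they agree. A disagreement marks input that a monitor relying on the
    lenient parser would interpret differently from a strict implementation."""
    report = []
    for line in lines:
        strict = parse_strict(line)
        lenient = parse_lenient(line)
        report.append({"line": line, "strict": strict, "lenient": lenient,
                       "agree": strict == lenient})
    return report


# Constructed sample request lines (not taken from any capture or from the article).
SAMPLE_LINES = [
    b"GET /index.html HTTP/1.1\r\n",    # conforming
    b"GET  /index.html HTTP/1.1\r\n",   # two spaces where the grammar requires one SP
    b"GET\t/index.html\tHTTP/1.1\r\n",  # tabs instead of SP
    b"GET /index.html HTTP/1.1\n",      # bare LF instead of CRLF
    b"GET /index.html http/1.1\r\n",    # lowercase version token
]

if __name__ == "__main__":
    for entry in compare(SAMPLE_LINES):
        verdict = "agree" if entry["agree"] else "DISAGREE"
        print(f"{entry['line']!r}: strict={entry['strict'] is not None} "
              f"lenient={entry['lenient'] is not None} -> {verdict}")
```

Only the first sample line satisfies the strict grammar; the lenient parser accepts all five and reports the same URI for each. The design point for a detection engine is that every such tolerance has to be matched exactly by the server's own tolerance, or the two will see different requests; rejecting (or at minimum flagging) non-conforming input removes that dependency.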