CUPERTINO, Calif. -- March 7, 2003 - Given the rise in newly discovered network vulnerabilities, including the recent Sendmail Header Process Vulnerability, Symantec strongly recommends that organizations use their Internet-facing firewalls in full-application inspection mode.
"Network-layer security mechanisms dominate current deployments, but are proving inadequate in the face of more frequent application-layer attacks," said Mark Bouchard, META Group. "Vendors and users alike need to increase their focus on application-layer security controls in order to proactively protect networks from an increasing number of vulnerabilities."
The total number of moderate and high severity vulnerabilities documented in 2002 was 84.7% higher than the total documented in 2001, according to the Symantec Internet Security Threat Report, released last month. On average Symantec analysts documented seven new vulnerabilities each day over the past year.
"The increasing rate at which vulnerabilities are being discovered, coupled with the growing sophistication of malicious code that exploits these vulnerabilities, leaves organizations more open to attack than ever before," said Greg Gotta, vice president of product delivery at Symantec. "Stateful inspection firewalls examine the source of the information packet, but don’t look at its contents in depth. By using externally facing firewalls in full-application inspection mode, organizations can examine the contents of the information packets for anomalous activity and further prevent attacks."
Symantec's full-application inspection firewalls employ advanced security features up to and including the application layer. In the case of an attempt to exploit an application in an anomalous manner, Symantec Enterprise Firewall, Symantec VelociRaptor, and Symantec Gateway Security protection solutions will detect this attempt and block it by default.
On March 3, 2003, a remotely exploitable vulnerability was discovered in Sendmail, a widely deployed email server. The vulnerability is due to a buffer overflow condition in the SMTP header-parsing component. Remote attackers may exploit this vulnerability by connecting to target SMTP servers and transmitting to them malformed SMTP data. Since these attacks violate parameters defined in the RFCs, no configuration changes to the default settings in Symantec’s full-application inspection firewalls are required to protect against this Sendmail exploit.
Full-application inspection technology utilizes application layer proxies to offer the highest level of security for an enterprise firewall. Instead of traffic being scanned after only a cursory inspection at the IP or Session layer, the entire contents of the packet can be scanned through all of the layers of the TCP/IP stack. This allows for a much greater range of security features, as unique protocols are understood and examined. Stateful or network-layer inspection firewalls do not examine traffic at all layers of the TCP/IP stack, instead making a determination about the individual information packets based on headers rather than contents.
Symantec is the world leader in providing solutions to help individuals and enterprises assure the security, availability, and integrity of their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com.
NOTE TO EDITORS: : If you would like additional information on Symantec Corporation and its products, please view the Symantec Press Center at http://www.symantec.com/PressCenter/ on Symantec's Web site. All prices noted are in US dollars and are valid only in the United States.
Symantec, the Symantec logo, VERITAS, and the VERITAS logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the United States and certain other countries. Additional company and product names may be trademarks or registered trademarks of the individual companies and are respectfully acknowledged.
FORWARD LOOKING STATEMENT: This press release contains forward-looking statements, including forecasts of future revenue and earnings per share, expected industry patterns, and other financial and business results that involve known and unknown risks, uncertainties and other factors that may cause our actual results, levels of activity, performance or achievements to differ materially from results expressed or implied by this press release. Such risk factors include, among others: the sustainability of recent growth rates, particularly in consumer products; whether certain market segments, particularly enterprise security, grow as anticipated; the positioning of Symantec's products in those segments; the competitive environment in the software industry; ability to integrate acquired companies and technology; ability to retain key employees; ability to successfully combine product offerings and customer acceptance of combined products; general market conditions, fluctuations in currency exchange rates, changes to operating systems and product strategy by vendors of operating systems; and whether Symantec can successfully develop new products and the degree to which these gain market acceptance. Actual results may differ materially from those contained in the forward-looking statements in this press release. Additional information concerning these and other risk factors is contained in the Risk Factors sections of Symantec’s previously filed Form 10-K and Form 10-Q.