
Outsmarting a Zero-Day

By Enterprise IT Planet Staff
February 3, 2006


The worst part of a zero-day scenario is the uncertainty: that brief period when questions outnumber cold, hard facts. And let's not forget a sleepless night or two.

In network security, a little vigilance goes a long way.
Like everyone, security administrators like to be in the know. Short of being a human sponge, absorbing all the information on countless software applications, operating systems, and protocols is impossible. Most rely on watch lists and bulletins for information on looming threats.

But then there's a zero-day, an exploit that manifests in the gap between the vulnerability's discovery and the patch's release.

Of course, zero-days don't just materialize. They are willfully coded and set loose to exert an attacker's control over far-flung systems or simply to ruin someone's day. For admins, though, motivations don't matter. What does matter is keeping data secure and the network humming.

In that respect, IT departments that plan and deploy their defenses in a smart and layered manner generally have a leg up. It also helps to keep your eyes and ears open.

Busy techies barely have enough time to catch their breath, let alone trawl the Web for security news. Neither can they afford to get caught unaware.

A subscription to a reputable mailing list is a good start. Supplement that with a handful of bookmarks and RSS feeds. But watch out for information overload!

Some fatalists may not see the point. However, even in the absence of a patch, admins can usually implement easy workarounds or set up alerts. And that's worth a good night's sleep, isn't it?

Note: Any opinions expressed below are solely those of the individual posters on the AntiOnline forums.

Spotlight Thread:
Protecting Against Zero Day Attacks

ghostmachine would like to know...

Can an IPS protect against zero day attacks? What are some of the tools out there that can protect against 0 day attacks?

Limiting your exposure is one way to keep bugs at bay. Eyecre8's plan:

With that in mind, and presumably you run a network of any size, you would obviously want to limit any exposure to potential sources of the attack. While none of these are foolproof, they may cut down the possibility of exposure, which is better than nothing.

A few ideas:

Firewalls with stateful packet inspection to help block external scan attempts.

Devices with URL/Content filtering to cut navigation to potentially malicious sites that may host malicious files...
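The first of Eyecre8's ideas, stateful packet inspection, is easiest to understand by watching a tiny version of it run. The Python below is an added example written for this article, not code from the forum post or from any product it mentions. It remembers connections opened from the inside, lets only matching replies back in, drops unsolicited inbound probes, and raises an alert when one outside host has probed several distinct ports, which is the kind of external scan attempt the post refers to. The internal address prefix, the addresses in the trace and the scan threshold are all constructed for the demonstration.

```python
"""Toy stateful packet filter: allow replies to connections the inside
opened, drop unsolicited inbound packets, and flag an outside host whose
dropped probes spread across many ports (a simple port-scan signature)."""
from collections import defaultdict
from dataclasses import dataclass

INSIDE_PREFIX = "10.0.0."   # constructed: addresses on the protected network
SCAN_PORT_THRESHOLD = 5     # constructed: distinct probed ports before we alert


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters, e.g. "S", "SA", "A", "FA", "R"


class StatefulFilter:
    def __init__(self):
        # one entry per connection the inside opened:
        # (inside_ip, inside_port, outside_ip, outside_port)
        self.connections = set()
        # outside source -> inside ports it hit with no matching state
        self.probes = defaultdict(set)
        self.alerts = []

    @staticmethod
    def _inside(ip):
        return ip.startswith(INSIDE_PREFIX)

    def handle(self, pkt):
        """Return 'ALLOW' or 'DROP' for one packet and update the state table."""
        outbound = self._inside(pkt.src) and not self._inside(pkt.dst)
        inbound = self._inside(pkt.dst) and not self._inside(pkt.src)

        if outbound:
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
            if pkt.flags == "S":
                self.connections.add(key)       # inside opened a connection
            elif "R" in pkt.flags:
                self.connections.discard(key)   # inside reset it
            # a real filter would also track the FIN handshake and time out
            # idle entries; this toy keeps state until a reset is seen
            return "ALLOW"

        if inbound:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.connections:
                if "R" in pkt.flags:
                    self.connections.discard(key)
                return "ALLOW"                  # reply to something we started
            # no state for this 4-tuple: unsolicited, so drop and remember it
            ports = self.probes[pkt.src]
            ports.add(pkt.dport)
            if len(ports) == SCAN_PORT_THRESHOLD:
                self.alerts.append(
                    f"possible scan from {pkt.src}: ports {sorted(ports)}")
            return "DROP"

        return "ALLOW"   # inside<->inside or outside<->outside: not this filter's job


def run_demo():
    """Replay a constructed packet trace; returns (verdicts, alerts)."""
    fw = StatefulFilter()
    trace = [
        # a legitimate web fetch from inside: SYN out, SYN/ACK back
        Packet("10.0.0.5", 40000, "203.0.113.10", 80, "S"),
        Packet("203.0.113.10", 80, "10.0.0.5", 40000, "SA"),
        # an inbound SYN/ACK that matches no connection: dropped, not trusted
        Packet("203.0.113.10", 80, "10.0.0.5", 40001, "SA"),
    ]
    # an outside host walking several ports on one inside machine
    trace += [Packet("198.51.100.7", 55000 + p, "10.0.0.5", p, "S")
              for p in (21, 22, 23, 25, 80, 443)]
    verdicts = [fw.handle(p) for p in trace]
    return verdicts, fw.alerts


if __name__ == "__main__":
    verdicts, alerts = run_demo()
    print(verdicts)
    print(alerts)
```

The point of the state table is that "reply traffic" is defined by what the inside actually initiated, not by what the packet claims to be: the stray SYN/ACK to port 40001 looks like a reply but is dropped because nothing asked for it. The alert fires only once per source, when the threshold is first reached, which keeps a noisy scanner from flooding the log.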

SirDice reminds the group that in security, like in braving the cold, layers matter.

From experience: From outside in, about 90% of the attacks are caused by viruses/worms. 9.99% are script kiddies and only 0.01% is truly worrisome.

And you probably won't even detect that 0.01%... It gets lost in all the noise or they're so sophisticated none of your detection tools will detect it.

The only thing preventing total collapse is a layered security approach. The more layers the better.

What are your strategies for coping with zero-days? Discuss them here.

