A zero-day threat is a threat that exploits a computer security vulnerability
that is not yet known to the vendor or the public. The term refers to the
number of days the developer has had to fix the flaw: zero. The attack takes
place before, or on the same day as, the developer becomes aware of the
vulnerability, so there is no security fix available, because the developers
do not yet know the vulnerability exists.
Zero-day vulnerabilities are typically found by attackers (or researchers) who
discover a flaw in a specific product or protocol, such as Microsoft Corp.'s
Internet Information Server and Internet Explorer or the Simple Network
Management Protocol. Once an exploit for such a flaw exists, it spreads
rapidly, typically via Internet Relay Chat channels or underground Web sites.
The following are key signs a company would see when attacked with a zero-day
exploit:
· Unexpected traffic, possibly legitimate-looking, or substantial scanning
activity originating from a client or a server
· Unexpected traffic on a legitimate port, i.e. traffic that does not match the
protocol that port is meant to carry
· The same behaviour from the compromised client or server even after the
latest patches have been applied, which suggests the flaw being exploited is
one no patch yet covers
In such cases, it is best to analyse the behaviour with the affected vendor's
assistance to determine whether it is due to a zero-day exploit.
Even so, there are a few steps and measures that can reduce exposure to
zero-day attacks.
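The first two signs above (scanning activity from a host, and traffic on a legitimate port that is not the port's protocol) can be checked mechanically against connection logs. The following is an added example, not code from the original post: it runs simple detection logic over a constructed, simplified flow log. The log format (timestamp, source, destination, destination port, protocol identified on the wire) and the table of which protocol belongs on which port are assumptions made for the example.

```python
from collections import defaultdict

# Which application protocol a protocol-aware sensor is expected to see on
# each "legitimate" port. This table is an assumption for the example.
EXPECTED_PROTOCOL = {22: {"ssh"}, 53: {"dns"}, 80: {"http"}, 443: {"tls"}}

# Constructed sample log (not captured traffic). One record per line:
# timestamp src_ip dst_ip dst_port protocol_seen
NORMAL_LINES = [
    "2024-05-01T10:00:01 10.0.0.5 203.0.113.10 443 tls",
    "2024-05-01T10:00:02 10.0.0.5 203.0.113.11 443 tls",
    "2024-05-01T10:00:03 10.0.0.5 10.0.0.53 53 dns",
]
# Host 10.0.0.7 sweeps port 22 across twelve internal hosts (horizontal scan).
SCAN_LINES = [
    f"2024-05-01T10:01:{i:02d} 10.0.0.7 10.0.0.{20 + i} 22 ssh" for i in range(12)
]
# Host 10.0.0.9 sends something that is not TLS on 443 and SSH on 80:
# traffic on a legitimate port that does not match the port's protocol.
MISMATCH_LINES = [
    "2024-05-01T10:02:00 10.0.0.9 198.51.100.7 443 unknown-binary",
    "2024-05-01T10:02:05 10.0.0.9 198.51.100.7 80 ssh",
]
SAMPLE_LOG = "\n".join(NORMAL_LINES + SCAN_LINES + MISMATCH_LINES)


def parse_log(text):
    """Parse the simplified log into dicts; skip blank or malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, port, proto = parts
        try:
            port = int(port)
        except ValueError:
            continue
        records.append({"ts": ts, "src": src, "dst": dst, "port": port, "proto": proto})
    return records


def find_scanners(records, host_threshold=10, port_threshold=10):
    """Sources that sweep one port across many hosts, or many ports on one host."""
    hosts_per_src_port = defaultdict(set)   # (src, port) -> {dst}
    ports_per_src_dst = defaultdict(set)    # (src, dst)  -> {port}
    for r in records:
        hosts_per_src_port[(r["src"], r["port"])].add(r["dst"])
        ports_per_src_dst[(r["src"], r["dst"])].add(r["port"])
    findings = {}
    for (src, port), dsts in hosts_per_src_port.items():
        if len(dsts) >= host_threshold:
            findings[src] = f"horizontal scan: port {port} on {len(dsts)} hosts"
    for (src, dst), ports in ports_per_src_dst.items():
        if len(ports) >= port_threshold:
            findings[src] = f"vertical scan: {len(ports)} ports on {dst}"
    return findings


def find_protocol_mismatches(records):
    """Connections on a well-known port carrying a protocol that port should not."""
    return [
        (r["src"], r["dst"], r["port"], r["proto"])
        for r in records
        if r["port"] in EXPECTED_PROTOCOL
        and r["proto"] not in EXPECTED_PROTOCOL[r["port"]]
    ]


def analyze(text):
    """Run both checks over a log and return the findings by kind."""
    records = parse_log(text)
    return {
        "scanners": find_scanners(records),
        "mismatches": find_protocol_mismatches(records),
    }


if __name__ == "__main__":
    for kind, hits in analyze(SAMPLE_LOG).items():
        print(kind, hits)
```

The thresholds are deliberately crude; in practice they would be tuned per network segment, and a hit is a prompt for the vendor-assisted analysis described above, not proof of a zero-day on its own.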
Make Sure Your Operating System Is Updated
If your operating system (OS) is up to date, you are already at an advantage.
Whatever OS you run, use its normal update mechanism to check for updates, and
install them when they are available. Note that updates close vulnerabilities
the vendor already knows about; against a true zero-day they cannot help until
a fix ships, but applying them promptly shortens the window in which a newly
disclosed flaw can be used against you.
Prevention
Good preventive security practices are a must. These include installing
firewalls and keeping their policies carefully matched to business and
application needs, keeping antivirus software updated, blocking potentially
harmful file attachments and keeping all systems patched against known
vulnerabilities. Vulnerability scans are a good means of measuring the
effectiveness of preventive procedures.
Real-time protection
Deploy inline intrusion-prevention systems (IPS) that offer comprehensive
protection. When considering an IPS, seek the following capabilities:
network-level protection, application integrity checking, application protocol
Request for Comments (RFC) validation, content validation and forensics
capability.
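Of those capabilities, application protocol RFC validation is the one that can catch an exploit nobody has a signature for yet, because it rejects input the protocol grammar does not allow rather than input that matches a known attack. The following is an added example, not code from the original post or from any IPS product: a validator for the head of an HTTP/1.1 request that enforces the request-line and header grammar of RFC 9112 and a few of its security-relevant rules (CRLF terminators, no whitespace before the colon in a field name, a single Host header, and no Content-Length alongside Transfer-Encoding). The sample requests are constructed for the example, and the message strings are this example's own.

```python
import re

# Grammar fragments from RFC 9110 (HTTP semantics) and RFC 9112 (HTTP/1.1).
TCHAR = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]"
TOKEN = re.compile(rf"^{TCHAR}+$")
HTTP_VERSION = re.compile(r"^HTTP/\d\.\d$")
# field-value: VCHAR / obs-text / SP / HTAB; no other control characters.
FIELD_VALUE = re.compile(r"^[\t \x21-\x7e\x80-\xff]*$")


def validate_request(raw: bytes):
    """Return (ok, reason) for an HTTP/1.1 request head (bytes up to and
    including the blank line), as an inline IPS would see it after TCP
    reassembly."""
    end = raw.find(b"\r\n\r\n")
    if end < 0:
        if b"\n\n" in raw:
            return False, "bare LF line terminators (RFC 9112 requires CRLF)"
        return False, "incomplete head: no CRLF CRLF terminator"
    head = raw[:end]
    if b"\n" in head.replace(b"\r\n", b""):
        return False, "bare LF line terminators (RFC 9112 requires CRLF)"
    lines = head.decode("latin-1").split("\r\n")
    request_line, header_lines = lines[0], lines[1:]

    # request-line = method SP request-target SP HTTP-version
    parts = request_line.split(" ")
    if len(parts) != 3:
        return False, "request-line must be exactly method SP target SP version"
    method, target, version = parts
    if not TOKEN.match(method):
        return False, f"method is not a token: {method!r}"
    if not target or any(ord(c) < 0x21 or ord(c) == 0x7F for c in target):
        return False, "request-target contains whitespace or control characters"
    if not HTTP_VERSION.match(version):
        return False, f"bad HTTP-version: {version!r}"

    # field-line = field-name ":" OWS field-value OWS ; no obs-fold, no
    # whitespace between the field name and the colon.
    headers = []
    for line in header_lines:
        if line[:1] in (" ", "\t"):
            return False, "obsolete line folding (obs-fold) is not allowed"
        name, sep, value = line.partition(":")
        if not sep or not TOKEN.match(name):
            return False, f"malformed header field: {line!r}"
        value = value.strip(" \t")
        if not FIELD_VALUE.match(value):
            return False, f"control character in value of {name}"
        headers.append((name.lower(), value))

    names = [n for n, _ in headers]
    if version == "HTTP/1.1" and names.count("host") != 1:
        return False, "HTTP/1.1 request must carry exactly one Host header"
    cls = [v for n, v in headers if n == "content-length"]
    if cls and (len(set(cls)) > 1 or not all(v.isdigit() for v in cls)):
        return False, "invalid or conflicting Content-Length"
    if cls and "transfer-encoding" in names:
        return False, "both Transfer-Encoding and Content-Length (smuggling risk)"
    return True, "ok"


# Constructed sample requests (not captured traffic).
GOOD = (b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
        b"User-Agent: demo/1.0\r\n\r\n")
SMUGGLE = (b"POST /upload HTTP/1.1\r\nHost: example.com\r\n"
           b"Content-Length: 13\r\nTransfer-Encoding: chunked\r\n\r\n")
BARE_LF = b"GET / HTTP/1.1\nHost: example.com\n\n"
BAD_METHOD = b"G(ET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
SPACE_BEFORE_COLON = b"GET / HTTP/1.1\r\nHost : example.com\r\n\r\n"

if __name__ == "__main__":
    for sample in (GOOD, SMUGGLE, BARE_LF, BAD_METHOD, SPACE_BEFORE_COLON):
        print(sample.split(b"\r\n", 1)[0][:30], validate_request(sample))
```

A validator like this is strict by design: a request that a lenient server would quietly accept (bare LF, a space before the colon) is exactly the kind of input parser-differential attacks rely on, so an inline device should drop it and log it rather than guess at the sender's intent.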
Update your software.
Another important way of protecting yourself against zero-day attacks is to
make sure that you use the most recent version of your software. If software
you trust sends you a notice to update your version, do it. If the software
update explains that this is a critical update (it may be referred to as a
"critical security release" or similar), believe it. The update may include a
patch for a recently discovered vulnerability; by applying it, you close that
vulnerability to future attacks.
Use only updated browsers.
Firefox, Chrome and Internet Explorer all push out automatic updates of their
browsers on a regular basis. These updates, which often include patches for
newly discovered vulnerabilities, are generally downloaded in the background
and installed when you close and reopen your browser, without disturbing your
use of the browser. Restart the browser when it asks you to; an update that has
been downloaded but not applied protects nothing.
Use a Password Manager
Password managers still have not been widely adopted. We have seen again and
again that people do not know how to create a password that cannot be guessed.
Perhaps they are too lazy or too busy to change from "qwerty" to something far
more secure yet memorable. Alternatively, perhaps they believe that by choosing
a simple password, they are double bluffing the criminals.
http://evanewz.com/