Tactical Advice

Don't Be Exploited

Zero-day attacks are dangerous, but you can defend against them.
This story appears in the June 2008 issue of BizTech Magazine.

Richard Kissel, Senior Information Security Analyst, NIST

Zero-day exploits result from the identification of vulnerabilities in popular programs, followed by the creation of malicious code that takes advantage of those vulnerabilities to compromise systems or make them agents of attack. What separates them from more routine attacks is that they are launched before those vulnerabilities are made known to the public or to software vendors responsible for protecting those programs. Because the vulnerabilities have yet to be discovered by the vendor or antivirus companies, there is no patch or antivirus signature available to identify, neutralize and remove the malicious code.

The reason IT managers should be concerned is that antivirus products neither recognize the vulnerability nor have a malicious-code signature to scan for, so the antivirus or antispyware programs you may have installed to protect your critical business systems won’t protect your company. In other words, your systems can be fully compromised — and you have no way of knowing.

One example took place a few years ago when Microsoft announced a serious vulnerability in its Windows Plug-and-Play service. Microsoft released a patch and within a week “proof of concept” exploit code for the vulnerability appeared, followed by six Zotob worms. While hardly instantaneous, the attack occurred in less time than it might take for many companies to update all their vulnerable systems.

Because Zotob and the related attacks were worms, it is reasonable to expect that antivirus software would protect against them. But by the time antivirus companies acquired samples, wrote signatures to identify them and distributed those signatures to users, the worms had already spread.

Keep in mind that while Microsoft Windows Vista is less vulnerable to unauthorized configuration changes than Windows XP because it requires specific administrator-account authorization for configuration changes, zero-day attacks are not predictable or limited to any specific operating system. All software products and operating systems have unknown vulnerabilities and are susceptible to zero-day exploits.

So what can you do to protect your company from an attack? Here’s a start:

Apply all available patches and updates to your operating systems and application programs. If you installed antimalware programs that use both signatures and heuristics (tools that monitor the system for unusual behavior), you are better prepared to detect and neutralize zero-day attacks.

Tighten up your firewalls. Ensure that your system and network firewalls are filtering traffic in both directions: block inbound traffic that comes from known bad sites, and filter outbound traffic to prevent malware from sending sensitive information back to its home base.

Protect against buffer overflows. A buffer overflow is a programming error that may result in malicious code being allowed to run on your system. Install and use software to protect your system against buffer overflow attacks, especially if your operating system does not provide this protection.
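The programming error the paragraph above describes, shown beside its bounded form. This is an added example written for this page, not code from the article or from NIST; the function names (greet_unsafe, copy_bounded, greet_safe), the 16-byte buffer and the sample names are all constructed for illustration. The comment at the end lists the compiler and operating-system protections (stack canaries, fortified libc calls, position-independent code for ASLR) that the article says to rely on when your platform offers them; they limit the damage of the bug, while the bounded copy removes it.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: a fixed 16-byte name buffer (15 characters plus
 * the terminating NUL). */
#define NAME_BUF_LEN 16

/* BEFORE: the classic programming error the article describes.
 * strcpy() copies until it finds a NUL byte and never looks at the
 * destination size, so any input of 16 bytes or more writes past the end
 * of name[] and corrupts whatever the compiler placed after it on the
 * stack. Kept here only for contrast; it is never called with long input. */
void greet_unsafe(const char *input)
{
    char name[NAME_BUF_LEN];
    strcpy(name, input);            /* no bounds check: buffer overflow */
    printf("Hello, %s\n", name);
}

/* AFTER: bounded copy. The caller passes the destination size, the copy
 * never writes more than dst_len bytes, the result is always
 * NUL-terminated, and truncation is reported (-1) instead of silently
 * overwriting memory. Returns 0 when the whole input fit. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    size_t src_len;
    if (dst_len == 0)
        return -1;                  /* nowhere to write even the NUL */
    src_len = strlen(src);
    if (src_len >= dst_len) {
        /* Input does not fit: copy what fits, terminate, signal truncation. */
        memcpy(dst, src, dst_len - 1);
        dst[dst_len - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, src_len + 1);  /* includes the terminating NUL */
    return 0;
}

/* Hardened replacement for greet_unsafe(): oversized input is treated as a
 * rejected request rather than being allowed to corrupt the stack. */
int greet_safe(const char *input)
{
    char name[NAME_BUF_LEN];
    if (copy_bounded(name, sizeof name, input) != 0) {
        fprintf(stderr, "name too long (max %d bytes), rejected\n",
                NAME_BUF_LEN - 1);
        return -1;
    }
    printf("Hello, %s\n", name);
    return 0;
}

/* Build with the platform's mitigations enabled (GCC/Clang on Linux):
 *   cc -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -fPIE -pie \
 *      -Wl,-z,relro,-z,now -o greet greet.c
 * -fstack-protector-strong places a canary that aborts the process when an
 * overflow like greet_unsafe()'s is detected; _FORTIFY_SOURCE swaps in
 * size-checked versions of strcpy() and friends where the size is known at
 * compile time; PIE lets the OS randomize the program's addresses (ASLR).
 * These make the bug much harder to exploit; copy_bounded() removes it. */
int main(void)
{
    /* Constructed inputs: one that fits the buffer and one that would not. */
    const char *short_name = "Alice";
    const char *long_name  = "Bartholomew Fitzgerald-Hamilton";

    greet_safe(short_name);   /* prints "Hello, Alice" and returns 0 */
    greet_safe(long_name);    /* rejected, returns -1, no memory corrupted */
    return 0;
}
```

The useful habit this shows is that every copy into a fixed-size buffer carries the destination size with it and has a defined outcome when the input is too large; the compiler flags in the comment are the "software to protect your system" layer and should be on by default, but they are a backstop for bugs you have not found yet, not a substitute for the check.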

One important step in any plan to defend against zero-day exploits is to make sure you back up your important information regularly. But making backups doesn’t protect your information when your system is compromised and your sensitive data is stolen.

When your system is compromised, the only way to protect your information is to already have it encrypted. Encryption isn’t foolproof, but it’s better than leaving your sensitive information unprotected. If you are still using Windows XP, you should access the Internet from an account with limited privileges. You should also exercise caution when opening unexpected e-mail attachments, and be very careful clicking on URLs in e-mail.

The bottom line for IT managers is to know that all software has vulnerabilities that can be taken advantage of by hackers as soon as they discover them. It is up to you to take responsible action.

Richard Kissel is a senior information security analyst for the National Institute of Standards and Technology in Gaithersburg, Md.