What is Zero Day Attack or Exploit?- Know its Prevention
|
A zero-day (or zero-hour or day zero) attack is an attack that exploits a previously unknown vulnerability in a computer application, i.e the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits (actual software that uses a security hole to carry out an attack) are used or shared by attackers before the developer of the target software knows about the vulnerability etc.
Ordinarily, when someone detects that a software program contains a potential security issue, that person or company will notify the software company (and sometimes the world at large) so that action can be taken. Given time, the software company can fix the code and distribute a patch or software update. Even if potential attackers hear about the vulnerability, it may take them some time to exploit it; meanwhile, the fix will hopefully become available first.
Sometimes, a hacker may be the first to discover the vulnerability. Since the vulnerability isn't known in advance, there is no way to guard against the exploit before it happens. Companies exposed to such exploits can, however, institute procedures for early detection:
- Use virtual LANs (IPsec) to protect the contents of individual transmissions.
- Deploy an intrusion detection system (firewall).
- Introduce network access control to prevent rogue machines from gaining access to the wire.
- Lock down wireless access points and use a security scheme like Wi-Fi Protected Accessor WPA2 for maximum protection against wireless-based attacks.
Zero Day Attack Prevention tips:
1. "Multiple layers" provides service-agnostic protection and is the first line of defense should an exploit in any one layer be discovered. An example of this for a particular service is implementing access control lists in the service itself, restricting network access to it via local server firewalling (i.e., IP tables), and then protecting the entire network with a hardware firewall. All three layers provide redundant protection in case a compromise in any one of them occurs.
2. The use of port knocking or single packet authorization daemons may provide effective protection against zero-day exploits in network services. However these techniques are not suitable for environments with a large number of users.
3. Whitelisting effectively protects against zero day threats. Whitelisting will only allow known good applications to access a system and so any new or unknown exploits are not allowed access. Although whitelisting is effective against zero-day attacks, an application "known" to be good can in fact have vulnerabilities that were missed in testing. To bolster its protection capability, it is often combined with other methods of protection such as host-based intrusion-prevention system or a blacklist of virus definitions, and it can sometimes be quite restrictive to the user.
4. Engineers and vendors such as Gama-Sec in Israel and DataClone Labs in Reno, Nevada are attempting to provide support with the Zeroday Project, which purports to provide information on upcoming attacks and provide support to vulnerable systems.
5. Keeping the computer’s software up-to-date is very important as well and it does help.
6. Users need to be careful when clicking on links or opening email attachments with images or PDF files, even if the sender is someone they know. This is how many cyber criminals deceive users, by pretending they are something they are not and gaining the user’s trust, as well as having a virus or other malware email copies of itself to the address lists of infected victims.
7. Utilize sites with Secure Socket Layer (SSL), which secures the information being passed between the user and the visited site.
That’s it!
Join me on Google+
|
Respected Readers :-
|
E njoyed this post very much – So why not you Subscribe to our regular Email Updates ! and stay connected with us forever .
0 comments :
Have any question? Feel free to Ask Below
Your feedback is always Precious to us.
I will try to answer all the queries as soon as possible.
Regards
karan chauhan