How to Protect against the Zero Day Attacks

Март 3, 2008

Protecting against zero day vulnerability exploitation is a matter of great concern for most system administrators. To reduce the impact of a zero day attack, follow best business practices such as:

• Adopt a deny-all stance on firewalls and perimeter devices that protect internal networks
• Separate public-facing servers from internal systems
• Turn off unneeded services and remove user applications that do not support operational needs
• Follow the Principle of Least Privilege in setting user access controls, permissions, and rights
• Restrict or limit the use of active code such as Java script or ActiveX in browsers
• Educate users about opening unsolicited file attachments
• Disable the ability to follow links in email
• Disable the ability to automatically download images from the web in email
• Maintain an aggressive in-house security alerting and warning service (or outsource the capability) to become aware of zero-day exploits as they become public.
• Use end-point management solutions to rapidly issue patches or workarounds as they become available
• If you use Microsoft’s Active Directory, take maximum advantage of Group Policy Objects to control user access
• Do not rely on anti-virus protection alone since zero-day attacks are often not detectable until new signatures are released
• Use third-party buffer overflow protection where possible on all systems
• Follow vendor recommendations on workarounds and mitigations until a patch is available