November 28th, 2007
Zero Days: How to protect yourself
The SANS Institute released its top 20 security risks for 2007, which documents the security arms race between cyber criminals and the folks playing defense. But let’s focus on the big scourge–zero day attacks.
The report released Wednesday (press release) gives a nice overview of zero day attacks, recaps the year and provides some tips on how to protect yourself. The last part is particularly handy given that zero days aren’t going extinct–Word, Office, Acrobat and RealPlayer were targets in 2007–any time soon. On the bright side, SANS says:
Several zero day attacks were recorded in 2007 although that number has dropped from the previous year.
However, a lot more can be done. Here’s a look at SANS advice on thwarting the dreaded zero day.
- Adopt a deny-all stance on firewalls and perimeter devices that protect internal networks. My take: Shouldn’t this be a no brainer for most companies?
- Separate public-facing servers from internal systems. My take: Hopefully a few retailers will read this.
- Turn off unneeded services and remove user applications that do not support operational needs. My take: Prune those apps. It saves money too.
- Follow the Principle of Least Privilege in setting user access controls, permissions, and rights. My take: Beware the insider.
- Restrict or limit the use of active code such as JavaScript or ActiveX in browsers. My take: How will users enjoy the Web during work?
- Educate users about opening unsolicited file attachments. My take: I can’t believe fools still open stray attachments.
- Disable the ability to follow links in email. My take: Users will revolt.
- Disable the ability to automatically download images from the web in email. My take: So long HTML newsletters.
- Maintain an aggressive in-house security alerting and warning service (or outsource the capability) to become aware of zero-day exploits as they become public. My take: This is doable and handy.
- Use end-point management solutions to rapidly issue patches or workarounds as they become available. My take: Do we have a VP of patches yet?
- If you use Microsoft’s Active Directory, take maximum advantage of Group Policy Objects to control user access. My take: Access is everything.
- Do not rely on anti-virus protection alone since zero-day attacks are often not detectable until new signatures are released. My take: Another blow to the AV market.
- Use third-party buffer overflow protection where possible on all systems. My take: A no brainer.
- Follow vendor recommendations on workarounds and mitigations until a patch is available. My take: This advice depends on quick vendor response.
Larry Dignan is Editor in Chief of ZDNet and Editorial Director of ZDNet sister site TechRepublic. See his full profile and disclosure of his industry affiliations.
