This article is about technical vulnerabilities.Aa request of my blog reader(sumit sinha).
A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit computer application vulnerabilities that are unknown to others, undisclosed to the software developer, or for which no security fix is available. Zero-day exploits (actual code that can use a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability.
The term derives from the age of the exploit. When a developer becomes aware of a security hole, there is a race to close it before attackers discover it or the vulnerability becomes public. A "zero day" attack occurs on or before the first or "zeroth" day of developer awareness, meaning the developer has not had any opportunity to distribute a security fix to users of the software
Protection
Zero-day protection is the ability to provide protection against zero-day exploits. Zero-day attacks can also remain undetected after they are launched.
Many techniques exist to limit the effectiveness of zero-day memory corruption vulnerabilities, such as buffer overflows. These protection mechanisms exist in contemporary operating systems such as Apple's Mac OS X, Microsoft Windows Vista [1], Sun Microsystems Solaris, Linux, Unix, and Unix-like environments; Microsoft Windows XP Service Pack 2 includes limited protection against generic memory corruption vulnerabilities. Desktop and server protection software also exists to mitigate zero day buffer overflow vulnerabilities.
"Multiple layers" provides service-agnostic protection and is the first line of defense should an exploit in any one layer be discovered. An example of this for a particular service is implementing access control lists in the service itself, restricting network access to it via local server firewalling (i.e. iptables), and then protecting the entire network with a hardware firewall. All 3 layers provide redundant protection in case a compromise in any one of them is discovered.
The use of port knocking or Single Packet Authorization daemons may provide effective protection against zero-day exploits in network services. However these techniques are not suitable for environments with a large number of users.
Whitelisting technology effectively protects against zero day threats. Whitelisting will only allow known good applications to access a system and so any new or unknown exploits are not allowed access. Although whitelisting is effective against zero-day attack, unless it is combined with other methods of protection such as HIPS or a blacklist of virus definitions it can sometimes be quite restrictive to the user.
Engineers and vendors such as Gama-Sec in Israel and DataClone Labs in Reno, Nevada are attempting to provide support with the Zeroday Project, which purports to provide information on upcoming attacks and provide support to vulnerable systems.
Another method to avoid zero day attacks is to wait for a reasonable period of time before upgrading to a new major version. Exploits which are discovered in new software are often addressed in a timely manner by the software developer and fixed by later minor updates. Minor updates to older software that contain security fixes should obviously always be installed to maximize security. While this method avoids "zero day" vulnerabilities that are discovered by the zeroth day of the software release cycle, security holes can be discovered at any time. If they are announced to the public before the software vendor, exploits can made on the "zeroth day" of the vulnerability window...THANK YOU SUMIT SINHA
7:52 AM
1 comment
Subscribe to:
Post Comments (Atom)
1 comments:
Thanks a lot ajeet..
Post a Comment