Wednesday, February 17, 2010

General Hacking

Zero Day Attack

By Abir Atarthy

Definition:
A zero-day (or zero-hour) attack or threat is a computer threat that tries to exploit application vulnerabilities that are unknown to others, undisclosed to the software developer, or for which no security fix is available. Zero-day exploits (actual code that uses a security hole to carry out an attack) are used or shared by attackers before the software developer knows about the vulnerability. A zero-day attack takes advantage of that problem before a patch has been created. It is named "zero day" because it occurs before the first day the vulnerability is known.



Attack Vectors
Malware writers are able to exploit zero-day vulnerabilities through several different attack vectors. For example, when users visit rogue (or black hat) web sites, code on the site may exploit vulnerabilities in their web browsers. Web browsers are a particular target because of their widespread distribution and usage. Attackers can also send e-mail attachments that exploit vulnerabilities in the application used to open the attachment. Badly written software will typically be found to have several zero-day vulnerabilities within a short period of time.

Vulnerability Window
Zero-day attacks occur during the vulnerability window: the time between when a vulnerability is first exploited and when the software developers start to develop a counter to that threat.
For viruses, Trojans and other zero-day attacks, the vulnerability window follows this timeline:
  • The developer creates software containing an (unknown) vulnerability.
  • The attacker finds the vulnerability before the developer does.
  • The attacker writes and distributes an exploit while the vulnerability is still unknown to the developer.
  • The developer finds the vulnerability and starts developing a fix.


Protection

Protecting against zero-day vulnerability exploitation is a matter of great concern for most system administrators. To reduce the impact of a zero-day attack, follow best practices such as:

  • Adopt a deny-all stance on firewalls and perimeter devices that protect internal networks.
  • Separate public-facing servers from internal systems.
  • Turn off unneeded services and remove user applications that do not support operational needs.
  • Follow the Principle of Least Privilege in setting user access controls, permissions, and rights.
  • Restrict or limit the use of active code such as JavaScript or ActiveX in browsers.
  • Educate users about opening unsolicited file attachments.
  • Disable the ability to follow links in e-mail.
  • Disable the ability to automatically download images from the web in e-mail.
  • Maintain an aggressive in-house security alerting and warning service (or outsource the capability) to become aware of zero-day exploits as they become public.
  • Use end-point management solutions to rapidly issue patches or workarounds as they become available.
  • Use third-party buffer overflow protection where possible on all systems.
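As an added illustration of the first item (this script is not part of the original post), a small POSIX shell function that generates, but does not apply, an iptables ruleset with a deny-all stance: everything inbound is dropped except loopback, replies to connections the host opened, and an explicit allow-list of TCP ports. The port list, the `fw-drop:` log prefix and the use of the conntrack match are assumptions made for this example; the output is meant to be reviewed and then loaded with iptables-restore.

```shell
#!/bin/sh
# Generate (but do not apply) an iptables-restore ruleset with a deny-all
# stance: INPUT and FORWARD default to DROP, and only loopback, replies to
# connections this host opened, and an explicit allow-list of TCP ports get in.
# Assumptions: iptables with the conntrack match; the port list and the
# "fw-drop: " log prefix are placeholders chosen for this example.
gen_ruleset() {
    ports="$1"   # space-separated TCP ports to expose, e.g. "22 443"
    printf '%s\n' '*filter'
    # Default policies: anything not explicitly allowed below is dropped
    printf '%s\n' ':INPUT DROP [0:0]'
    printf '%s\n' ':FORWARD DROP [0:0]'
    printf '%s\n' ':OUTPUT ACCEPT [0:0]'
    # Loopback and return traffic for connections the host itself opened
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # Malformed packets never reach a listening service
    printf '%s\n' '-A INPUT -m conntrack --ctstate INVALID -j DROP'
    for p in $ports; do
        # Refuse anything that is not a valid TCP port number
        case "$p" in ''|*[!0-9]*) echo "gen_ruleset: bad port '$p'" >&2; return 1 ;; esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "gen_ruleset: port out of range '$p'" >&2; return 1
        fi
        printf '%s\n' "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log a rate-limited sample of what the default policy discards, so the
    # in-house alerting service mentioned above has something to watch
    printf '%s\n' '-A INPUT -m limit --limit 5/min -j LOG --log-prefix "fw-drop: "'
    printf '%s\n' 'COMMIT'
}

# Number of rules that admit new inbound connections: a quick check that the
# generated policy is exactly as narrow as intended before it is applied.
count_open_ports() {
    gen_ruleset "$1" | grep -c -- '--ctstate NEW -j ACCEPT'
}

# Example: emit a ruleset exposing only SSH and HTTPS, for review
gen_ruleset "22 443"
```

Redirect the output to a file, read it, and only then load it with `iptables-restore`; a typo in the port list locks you out of a remote host, so keep a console session open while testing.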

1 comment:

  1. Hi, this is Tanaya. The article is very useful for
    making the users concerned about such an attack.