Zero Day Attack Preparation
Last week Adobe announced yet another vulnerability identified in Flash, affecting Windows, Macintosh, Linux, Solaris, and even Android.
The vulnerability allows an attacker to take control of a system when a user unsuspectingly opens an Excel file carrying an embedded Flash object. As part of the announcement, Adobe explained that it was finalizing a fix and intended to release the patch during the week of March 21, 2011.
If you’re a system administrator, what do you do when you see this? How do you protect your network from a threat when there is seemingly no way to do so?
Do you send an email to your entire company telling them not to open any Excel attachments until late next week? Or perhaps just turn your computers off and wait a week to turn them back on? That won't be a problem, will it?
If the only way to avoid zero-day attacks were to wait for the software manufacturer to fix its software, you would spend a lot of time waiting, and you would be exposed for the whole window between the announcement (or, worse, the first in-the-wild use) and the patch. Stopgaps exist for a specific case like this one, such as quarantining the affected attachment type at the mail gateway until the patch ships, but they have to be decided and deployed under pressure. While there is hardly a single "silver bullet" that protects your network from every zero-day vulnerability, there are layered controls your company can put in place now so that the next announcement finds you prepared rather than scrambling.
- Good Anti-Spam protection—Catching malicious attachments at the mail gateway, before they reach the corporate LAN, is the cheapest place to stop an email-borne attack like this one. A good anti-spam/anti-malware gateway will be able to detect the malicious message not long after the sample is discovered, provided it updates its signatures frequently; until the vendor has a signature, the gateway only helps if you add your own rule (for example, holding or stripping the affected attachment type).
- Good Anti-Virus protection—Assuming the malicious file somehow makes it onto a system, a properly configured, up-to-date anti-virus client with real-time scanning will detect the file when it lands on the workstation and quarantine it before the exploit runs. The caveat is the same as for the gateway: a purely signature-based product cannot recognize a sample nobody has seen yet, so look for products that also use heuristic or behavioral detection, and make sure automatic updates actually work on every endpoint.
- Good Intrusion Detection—With zero-day vulnerabilities, the risk always exists that you will be infected before anyone (the software manufacturer, the anti-spam vendor, or the anti-virus vendor) has a chance to catch the threat and do something to prevent it. When this occurs, a system administrator has to quickly locate the computers that have been infected. A good intrusion detection system observes systems displaying "infected" behavior on the network (beaconing to unfamiliar hosts, scanning internal addresses, unusual outbound traffic), making it possible to locate and isolate the infected systems before the infection spreads. Where do you find a good Intrusion Detection Provider? Well, I can think of one - LBMC Managed Security Services.
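The gateway and endpoint bullets above both come down to the same question: can you recognize the delivery vehicle, an Excel file with a Flash object inside it, before a vendor signature exists? The following is an added example and is not code from the original post or from LBMC. It is a heuristic attachment check of the kind you could wire into a mail gateway or a file-drop scanner as a stopgap rule: it opens `.xlsx` files as the zip containers they are and scans each member, and scans legacy `.xls` OLE files as raw bytes, looking for a plausible SWF header (the real `FWS`/`CWS`/`ZWS` signatures, followed by a version byte and a little-endian length). The sample workbooks are constructed inline and are deliberately minimal (the `.xls` sample carries only a real OLE magic number, not a valid compound file); the function names, the 64 MiB length cap and the version range are assumptions chosen for this example.

```python
import io
import struct
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .xls: OLE2 compound file
ZIP_MAGIC = b"PK\x03\x04"                         # .xlsx/.xlsm: Office Open XML zip
SWF_SIGNATURES = (b"FWS", b"CWS", b"ZWS")         # uncompressed / zlib / LZMA Flash
MAX_SWF_LENGTH = 64 * 1024 * 1024                 # assumed sanity cap for the header length field


def find_swf_headers(data: bytes) -> list:
    """Return byte offsets of plausible SWF headers inside a buffer.

    SWF layout: 3-byte signature, 1-byte version, 4-byte little-endian
    uncompressed length. A sane version and length are required so a stray
    'FWS' inside ordinary content is not reported.
    """
    hits = []
    for sig in SWF_SIGNATURES:
        start = 0
        while True:
            i = data.find(sig, start)
            if i < 0:
                break
            if i + 8 <= len(data):
                version = data[i + 3]
                length = struct.unpack_from("<I", data, i + 4)[0]
                if 1 <= version <= 50 and 8 <= length <= MAX_SWF_LENGTH:
                    hits.append(i)
            start = i + 1
    return sorted(hits)


def excel_embeds_flash(data: bytes) -> dict:
    """Classify an attachment and report where embedded SWF objects were seen."""
    if data.startswith(ZIP_MAGIC):
        findings = {}
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                # Embedded objects normally live under xl/activeX/ or
                # xl/embeddings/, but every member is checked regardless.
                for name in zf.namelist():
                    offsets = find_swf_headers(zf.read(name))
                    if offsets:
                        findings[name] = offsets
        except zipfile.BadZipFile:
            return {"format": "corrupt-zip", "flash": {}}
        return {"format": "xlsx", "flash": findings}
    if data.startswith(OLE_MAGIC):
        # OLE streams are sector-based; the 8-byte header still sits inside one
        # sector, so a raw scan finds it even if the SWF body is fragmented.
        offsets = find_swf_headers(data)
        return {"format": "xls", "flash": {"<raw-ole-bytes>": offsets} if offsets else {}}
    return {"format": "unknown", "flash": {}}


def should_quarantine(filename: str, data: bytes) -> bool:
    """Gateway rule: hold Excel attachments that carry a Flash object."""
    is_excel = filename.lower().endswith((".xls", ".xlsx", ".xlsm"))
    return is_excel and bool(excel_embeds_flash(data)["flash"])


# --- constructed samples (not real workbooks) -------------------------------

def _swf_blob(sig=b"CWS", version=10, length=4096) -> bytes:
    return sig + bytes([version]) + struct.pack("<I", length) + b"\x00" * 32


def build_sample_xlsx(with_flash: bool) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("xl/workbook.xml", "<workbook/>")
        if with_flash:
            zf.writestr("xl/activeX/activeX1.bin", _swf_blob())
    return buf.getvalue()


def build_sample_xls(with_flash: bool) -> bytes:
    body = OLE_MAGIC + b"\x00" * 504          # a 512-byte pseudo header sector
    if with_flash:
        body += _swf_blob(b"FWS", 9, 2048)
    return body + b"\x00" * 64


if __name__ == "__main__":
    for name, blob in (("q1.xlsx", build_sample_xlsx(True)),
                       ("q1.xlsx", build_sample_xlsx(False)),
                       ("q1.xls", build_sample_xls(True))):
        print(name, excel_embeds_flash(blob), "quarantine:", should_quarantine(name, blob))
```

The check is a heuristic, not a parser: it will not see a SWF that an attacker has encrypted or split across non-contiguous OLE sectors, and it says nothing about whether the Flash object is malicious. That is exactly the trade-off of a stopgap rule deployed the day an advisory appears; it buys time until the gateway and anti-virus vendors ship real signatures and the vendor ships the patch.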
It is important to get these controls in place as soon as possible, and to verify that they are actually updating and alerting, not merely installed. While there is no iron-clad solution for every situation, these components could be the difference that protects your network the next time a vulnerability is announced.
By: Scott Crews, CPA, GWAPT
