amishra.jsr | 22 May 08:04 2012

How to prevent zero day attacks

Hello, 
     Traditionally all antivirus and IPS work using a signature-based technique. This doesn't help in a zero-day
attack. Therefore, what can be done to prevent zero-day attacks?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL
works, how it benefits your company and how your customers can tell if a site is secure. You will find out how
to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout,
best practices for set-up are highlighted to help you ensure efficient ongoing management of your
encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------

securityfocus | 22 May 16:58 2012

Re: How to prevent zero day attacks

unplug the machine


Matt J. Corrigan | 22 May 17:08 2012

Re: How to prevent zero day attacks

Heuristics.

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com] On Behalf Of securityfocus <at> pronto185.com
Sent: Tuesday, May 22, 2012 10:59 AM
To: security-basics <at> securityfocus.com
Subject: [SPAM] - Re: How to prevent zero day attacks - Sending mail server found on zen.spamhaus.org

unplug the machine


AK | 22 May 17:01 2012

Re: How to prevent zero day attacks

Hi,
a nice viewpoint in the face of zero days is sandboxing. By sandboxing
applications you accept the fact that, even after what hopefully is a
best effort you will still have security vulnerabilities and you try to
limit as much as possible the effect of such aftermath. This is more
suited to application level as payloads disabling kernel-level
enforcements are not unheard of :-)

On 5/22/12 8:04 AM, amishra.jsr <at> gmail.com wrote:
> Hello,
>      Traditionally all antivirus and IPS work using a signature-based technique. This doesn't help in a zero-day attack. Therefore, what can be done to prevent zero-day attacks?

Cody Alexander | 22 May 17:16 2012

Re: How to prevent zero day attacks

Agreed, also make sure different services have minimum required permissions to run and use different
service accounts and processes for each service when possible.  Keep your attack surface small by
disabling unneeded services and properly configuring your firewalls. All these things just lower the
chance a zero day will be applicable to your systems.

The nature of a zero day is that you don't know what is vulnerable or what you need to secure, so risk
mitigation is the way to go

On 2012-05-22, at 8:07 AM, "AK" <platsakos <at> gmail.com> wrote:

> Hi,
> a nice viewpoint in the face of zero days is sandboxing. By sandboxing
> applications you accept the fact that, even after what hopefully is a
> best effort you will still have security vulnerabilities and you try to
> limit as much as possible the effect of such aftermath. This is more
> suited to application level as payloads disabling kernel-level
> enforcements are not unheard of :-)
> 
> On 5/22/12 8:04 AM, amishra.jsr <at> gmail.com wrote:
>> Hello,
>>     Traditionally all antivirus and IPS work using a signature-based technique. This doesn't help in a zero-day attack. Therefore, what can be done to prevent zero-day attacks?

Littlefield, Tyler | 22 May 17:05 2012

Re: How to prevent zero day attacks

On 5/22/2012 12:04 AM, amishra.jsr <at> gmail.com wrote:
> Hello,
>       Traditionally all antivirus and IPS work using a signature-based technique. This doesn't help in a zero-day attack. Therefore, what can be done to prevent zero-day attacks?

That's kind of the point of a 0-day attack. People don't know about it and thus, can't prevent it.
You've got a few things you can do to help limit it though.
1) Keep your attack surface small. If you don't need 1000 ports open,
don't open those. If something does not need to be accessed on the
internet (but only on your internal network), limit it.
2) Use IDS to help keep track of what is going on.
There's of course a lot more, but I think the attack surface and
IDS+firewall is the most important.

HTH,


Brandon Edmunds | 22 May 17:08 2012

Re: How to prevent zero day attacks

Amishra,

You are correct, signature based detection is a weak approach and can
be easily bypassed. Some vendors like FireEye have tried to come up
with solutions to defend against APT, or zero day, but that all could
very well be vendor speak. I'm not sure as I don't have experience
with them. The best defense is strong best practices, things like:
- baselines (monitoring for changes in the baselines)
- log monitoring (egress and ingress)
- IDS/Firewall at the perimeter and within the network
- patching
- user training
- Incident Response Policy
- etc.

Brandon

" And in the end it's not the years in your life that count. It's the
life in your years" - Abraham Lincoln

On Tue, May 22, 2012 at 12:04 AM,  <amishra.jsr <at> gmail.com> wrote:
> Hello,
>     Traditionally all antivirus and IPS work using a signature-based technique. This doesn't help in a zero-day attack. Therefore, what can be done to prevent zero-day attacks?

synja | 22 May 17:10 2012

Re: How to prevent zero day attacks

A layered security model. 

If browsers are run as limited users, and you set ACLs on the temp folders to deny execute permission, etc...
You've just prevented most 0day malware.

Compartmentalization of services limits the scope of compromise. You can limit the privileges of older
software by running their services as NetworkService or LocalService instead of LocalSystem.

There are thousands of ways, but you need to define a scope and environment.

Rob
------Original Message------
From: amishra.jsr <at> gmail.com
Sender: listbounce <at> securityfocus.com
To: security-basics <at> securityfocus.com
Subject: How to prevent zero day attacks
Sent: May 22, 2012 02:04

Hello, 
     Traditionally all antivirus and IPS work using a signature-based technique. This doesn't help in a zero-day
attack. Therefore, what can be done to prevent zero-day attacks?


Stephanus J Alex Taidri | 22 May 17:32 2012

Re: How to prevent zero day attacks

Seconded to Rob....

Limit the OS to run with the least privilege possible instead of
granting administrator access to normal users.
It is common for Linux OS, Mac OS and Windows 7 onwards to have apps
running with normal user privilege and to require User Access Control
(UAC) to confirm any changes that require root/admin privilege.

Train the end-users not to simply ignore any UAC pop-up window(s), but to
read it carefully and understand it well before accepting the action
requested. If in doubt, always train end-users to choose No/Reject as
usually there's less harm in doing this.

Kind regards,
SJ Alex Taidri

On Tue, May 22, 2012 at 11:10 PM, <synja <at> synfulvisions.com> wrote:
>
> A layered security model.
>
> If browsers are run as limited users, and you set ACLs on the temp folders
> to deny execute permission, etc... You've just prevented most 0day malware.
>
> Compartmentalization of services limits the scope of compromise. You can
> limit the privileges of older software by running their services as
> NetworkService or LocalService instead of LocalSystem.
>
> There are thousands of ways, but you need to define a scope and
> environment.
>

Michał Purzyński | 22 May 18:09 2012

Re: How to prevent zero day attacks

Are we talking about some specific systems or just generic techniques?

If generic - you've got some good answers already. I would add - segment your networking. Assume every
system will be owned, sooner or later - and plan for it. Local firewall is nice, but when (not if) someone
will get "root/Administrator" access he will bypass it anyway. Invest in good network design, think -
what could I do, as the attacker, after taking this machine? How would I extend my attack? Don't waste your
time & money on yet another "innovative" way of signature based detection. Are layer 2 attacks possible in
your setup, after one of the machines has been taken over? What about access to other machines in your
network - how much easier will it be to extend the attack?

If we're talking about some specific systems, enumerate them.

Windows - learn how to use EMET. Btw - I am aware of that "here's another way to bypass EMET". Most, if not all of
them are built on a bad assumption - like, the process being attacked has full Administrator/Local
System privileges, with write access to debug registers. If your MSSQL can do that - you already have a
bigger problem.

Do not trust defaults. Run services in separate accounts and give them only what they need. Same goes for
user applications, as someone has pointed out already. Get some _kernel_ enforced software that can
whitelist binaries that can be run. Use built-in things in Windows, like (parts of, at least) MAC and MIC
(Mandatory Access Control and Mandatory Integrity Control, if anyone wonders).

Linux - learn how to use PaX in the right way. How to make your executables into proper PIE. Learn some MAC system
and use it - RSBAC, for example.  Or Grsec RBAC.

0-days aren't some kind of black magic, that if it's done to your servers will make them all turn into
kitten-killing-zombies. They are ordinary exploits - made by people who know a lot more than you. Use
exploit mitigation techniques.

After all, there's not much you can do on a Linux system, with PaX, with PIE binaries, NX + full ASLR enforced,
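A check for the Linux binary properties named in the message above (PIE and a non-executable stack), as an added example that is not part of the original post; it also reports RELRO, which the post does not mention. It handles 64-bit little-endian ELF only, and `check_elf_hardening`, `build_sample_elf` and the header-only sample images are assumptions constructed for illustration.

```python
import struct
import sys

# Values from the ELF specification (<elf.h>).
ET_DYN = 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 0x1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header (64 bytes)
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header (56 bytes)
DYN = struct.Struct("<qQ")                 # ELF64 dynamic entry (16 bytes)


def _has_bind_now(data, offset, size):
    """True if the dynamic section asks the loader to bind symbols eagerly."""
    end = min(offset + size, len(data))
    for pos in range(offset, end - DYN.size + 1, DYN.size):
        tag, val = DYN.unpack_from(data, pos)
        if tag == DT_NULL:
            break
        if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
            return True
    return False


def check_elf_hardening(data):
    """Report PIE, non-executable stack and RELRO for an ELF64 LE image."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only 64-bit little-endian ELF is handled")
    fields = EHDR.unpack_from(data)
    e_type, e_phoff, e_phentsize, e_phnum = (fields[1], fields[5],
                                             fields[9], fields[10])
    if e_phnum and e_phentsize != PHDR.size:
        raise ValueError("unexpected program header size")
    stack_flags, relro, bind_now = None, False, False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(data):
            raise ValueError("truncated program header table")
        p_type, p_flags, p_offset, _, _, p_filesz, _, _ = PHDR.unpack_from(data, off)
        if p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            bind_now = _has_bind_now(data, p_offset, p_filesz)
    return {
        # ET_DYN also covers shared libraries, so read this per executable.
        "pie": e_type == ET_DYN,
        # A missing PT_GNU_STACK is treated conservatively as "not protected".
        "nx_stack": stack_flags is not None and not (stack_flags & PF_X),
        "relro": "full" if relro and bind_now else "partial" if relro else "none",
    }


def build_sample_elf(e_type, stack_flags, relro, bind_now):
    """Constructed input: a header-only ELF64 image, not a runnable program."""
    dyn = DYN.pack(DT_FLAGS, DF_BIND_NOW) if bind_now else b""
    dyn += DYN.pack(DT_NULL, 0)
    phdrs = [(PT_DYNAMIC, 6, len(dyn))]
    if stack_flags is not None:
        phdrs.append((PT_GNU_STACK, stack_flags, 0))
    if relro:
        phdrs.append((PT_GNU_RELRO, 4, 0))
    dyn_off = EHDR.size + PHDR.size * len(phdrs)
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    out = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                    EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    for p_type, flags, size in phdrs:
        out += PHDR.pack(p_type, flags, dyn_off, 0, 0, size, size, 8)
    return out + dyn


if __name__ == "__main__":
    # Usage: python elfcheck.py /usr/sbin/sshd /usr/bin/sudo ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, check_elf_hardening(fh.read()))
```

Run it over the network-facing daemons on a host to see which ones were built without these mitigations and are candidates for a rebuild or replacement.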

synja | 22 May 19:29 2012

Re: How to prevent zero day attacks

There are a few other things that *need* to be mentioned:

1. Make sure the asset you are protecting is worth the value of the protection.

2. If you don't know what you're doing, DO NOT add complexity. A poorly configured protection mechanism is
just as bad if not worse than nothing at all.

3. The OS usually contains the tools you need already. Learn them and make sure something is missing before
you add software.

Rob
Sent on the Sprint® Now Network from my BlackBerry®

-----Original Message-----
From: Michał Purzyński <michal <at> rsbac.org>
Sender: listbounce <at> securityfocus.com
Date: Tue, 22 May 2012 18:09:15 
To: <sjalex <at> taidri.com>
Cc: <synja <at> synfulvisions.com>; <amishra.jsr <at> gmail.com>; <listbounce <at> securityfocus.com>; <security-basics <at> securityfocus.com>
Subject: Re: How to prevent zero day attacks

Are we talking about some specific systems or just generic techniques?

If generic - you've got some good answers already. I would add - segment your networking. Assume every
system will be owned, sooner or later - and plan for it. Local firewall is nice, but when (not if) someone
will get "root/Administrator" access he will bypass it anyway. Invest in good network design, think -
what could I do, as the attacker, after taking this machine? How would I extend my attack? Don't waste your
time & money on yet another "innovative" way of signature based detection. Are layer 2 attacks possible in
your setup, after one of the machines has been taken over? What about access to other machines in your
network - how much easier will it be to extend the attack?

Nathan Sherlock | 22 May 17:10 2012

Re: How to prevent zero day attacks

Nothing will prevent a zero day attack - that's why they are zero day. All zero day attacks invoke less severe
(and more obvious) events that can be monitored and caught via SIEM, file integrity monitoring tools and
IPS monitoring - of course that requires proper configuration of these security tools, specific to your
unique requirements, followed by 24/7/365 monitoring of those events by qualified analysts. The idea
here is to mitigate risk by catching the general bad activity that is taking place, and reduce the damage
caused by this activity.

Regards,
Nathan

________________________________________
From: listbounce <at> securityfocus.com on behalf of amishra.jsr <at> gmail.com
Sent: Tuesday, May 22, 2012 2:04:50 AM
To: security-basics <at> securityfocus.com
Subject: How to prevent zero day attacks

Hello,
     Traditionally all antivirus and IPS work using a signature-based technique. This doesn't help in a zero-day
attack. Therefore, what can be done to prevent zero-day attacks?


Jerome Athias | 22 May 18:44 2012

RE: How to prevent zero day attacks

try to be aware of them

Sent from my Windows Phone
From: Michał Purzyński
Sent: 22/05/2012 17:20
To: sjalex <at> taidri.com
Cc: synja <at> synfulvisions.com; amishra.jsr <at> gmail.com;
listbounce <at> securityfocus.com; security-basics <at> securityfocus.com
Subject: Re: How to prevent zero day attacks
Are we talking about some specific systems or just generic techniques?

If generic - you've got some good answers already. I would add -
segment your networking. Assume every system will be owned, sooner or
later - and plan for it. Local firewall is nice, but when (not if)
someone will get "root/Administrator" access he will bypass it anyway.
Invest in good network design, think - what could I do, as the
attacker, after taking this machine? How would I extend my attack?
Don't waste your time & money on yet another "innovative" way of
signature based detection. Are layer 2 attacks possible in your setup,
after one of the machines has been taken over? What about access to
other machines in your network - how much easier will it be to
extend the attack?

If we're talking about some specific systems, enumerate them.

Windows - learn how to use EMET. Btw - I am aware of that "here's
another way to bypass EMET". Most, if not all of them are built on
a bad assumption - like, the process being attacked has full
Administrator/Local System privileges, with write access to debug
registers. If your MSSQL can do that - you already have a bigger

Jeffrey Walton | 22 May 21:39 2012

Re: How to prevent zero day attacks

On Tue, May 22, 2012 at 12:44 PM, Jerome Athias <athiasjerome <at> gmail.com> wrote:
> try to be aware of them
>
> Sent from my Windows Phone
> From: Michał Purzyński
> Sent: 22/05/2012 17:20
> To: sjalex <at> taidri.com
> Cc: synja <at> synfulvisions.com; amishra.jsr <at> gmail.com;
> listbounce <at> securityfocus.com; security-basics <at> securityfocus.com
> Subject: Re: How to prevent zero day attacks
> Are we talking about some specific systems or just generic techniques?
>
> If generic - you've got some good answers already. I would add -
> segment your networking. Assume every system will be owned, sooner or
> later - and plan for it. Local firewall is nice, but when (not if)
> someone will get "root/Administrator" access he will bypass it anyway.
> Invest in good network design, think - what could I do, as the
> attacker, after taking this machine? How would I extend my attack?
> Don't waste your time & money on yet another "innovative" way of
> signature based detection. Are layer 2 attacks possible in your setup,
> after one of the machines has been taken over? What about access to
> other machines in your network - how much easier will it be to
> extend the attack?
>
> If we're talking about some specific systems, enumerate them.
>
> Windows - learn how to use EMET. Btw - I am aware of that "here's
> another way to bypass EMET". Most, if not all of them are built on
> a bad assumption - like, the process being attacked has full
> Administrator/Local System privileges, with write access to debug

Michał Purzyński | 22 May 23:22 2012

Re: How to prevent zero day attacks

>> If we're talking about some specific systems, enumerate them.
>>
>> Windows - learn how to use EMET. Btw - I am aware of that "here's
>> another way to bypass EMET". Most, if not all of them are built on
>> a bad assumption - like, the process being attacked has full
>> Administrator/Local System privileges, with write access to debug
>> registers. If your MSSQL can do that - you already have a bigger
>> problem.
> EMET is a nice tool (I don't hear it mentioned too often). Another neat
> one is BinScope, which allows you to examine platform security
> integration, such as ASLR and DEP.
>

Just make sure it will detect EMET specific ASLR that does differ from platform one.

>> Do not trust defaults. Run services in separate accounts and give
>> them only what they need. Same goes for user applications, as someone
>> has pointed out already. Get some _kernel_ enforced software that can
>> whitelist binaries that can be run. Use built-in things in Windows,
>> like (parts of, at least) MAC and MIC (Mandatory Access Control and
>> Mandatory Integrity Control, if anyone wonders).
> So much for "Secure Out of the Box".
>

It's secure till it stays in the box. Against remote attacks, not physical ;)

>> Linux - learn how to use PaX in the right way. How to make your
>> executables into proper PIE. Learn some MAC system and use it - RSBAC,
>> for example.  Or Grsec RBAC.
> Don't hold your breath for --noexec-heap (unless it's a hardened

David Gillett | 22 May 19:31 2012

RE: How to prevent zero day attacks

amishra.jsr <at> gmail.com [mailto:amishra.jsr <at> gmail.com] wrote:

> Traditionally all antivirus and IPS work using a signature-based
> technique. This doesn't help in a zero-day attack. Therefore, what can be done
> to prevent zero-day attacks?

  While this is the "traditional" approach, "all" may be an overstatement.
Several antivirus/antimalware solutions include a "heuristic" component
which can, if not *prevent* an attack, alert you that an application's
behavior is deviating from reasonable expectations.
  Of course, an attack detected this way needn't be a zero-day.  But since
the detection is not based on recognizing a known attack signature, it can
work as well on unknown attacks as on known ones.

David Gillett, CISSP CCNP

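The heuristic idea in the message above (alerting when an application's behaviour deviates from what is expected), combined with the baseline monitoring suggested earlier in the thread, as an added example that is not part of any post here. The event fields, process names, host names and temp-directory markers are all assumptions constructed for illustration.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Path fragments treated as temp locations (an assumption; tune per site).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")

# Constructed sample data: process-creation events from a known-good period.
BASELINE_EVENTS = [
    {"host": "ws01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Office\winword.exe"},
    {"host": "ws01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Reader\reader.exe"},
    {"host": "ws01", "parent": r"C:\Program Files\Reader\reader.exe",
     "image": r"C:\Program Files\Reader\reader_helper.exe"},
    {"host": "ws01", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe"},
]

# Constructed sample data: events observed later, to be compared to the baseline.
NEW_EVENTS = [
    {"host": "ws01", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Reader\reader.exe"},
    {"host": "ws01", "parent": r"C:\Program Files\Reader\reader.exe",
     "image": r"C:\Windows\System32\cmd.exe"},
    {"host": "ws02", "parent": r"C:\Program Files\Office\winword.exe",
     "image": r"C:\Users\a\AppData\Local\Temp\upd.exe"},
    {"host": "ws02", "parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe"},
]


def _name(path):
    """Lower-cased file name of a Windows path (works on any OS)."""
    return PureWindowsPath(path).name.lower()


def learn_baseline(events):
    """Map each parent process name to the set of children it normally starts."""
    baseline = defaultdict(set)
    for ev in events:
        baseline[_name(ev["parent"])].add(_name(ev["image"]))
    return baseline


def find_deviations(baseline, events):
    """Return one alert per event that departs from the learned behaviour."""
    alerts = []
    for ev in events:
        parent, child = _name(ev["parent"]), _name(ev["image"])
        reasons = []
        if child not in baseline.get(parent, set()):
            reasons.append(f"{parent} has never started {child}")
        if any(marker in ev["image"].lower() for marker in TEMP_MARKERS):
            reasons.append("image runs from a temp directory")
        if reasons:
            alerts.append({"host": ev["host"], "image": ev["image"],
                           "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in find_deviations(learn_baseline(BASELINE_EVENTS), NEW_EVENTS):
        print(alert["host"], alert["image"], "; ".join(alert["reasons"]))
```

No signature is involved: the alerts come only from a parent/child pair the baseline never contained and from where the binary runs, so the same logic fires whether or not the exploit behind it is publicly known.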

GreyHat LispHacker | 23 May 04:55 2012

Re: How to prevent zero day attacks

The following link provides a more rigorous framework for
conceptualizing security problems:

Language Theoretic Security:
http://www.cs.dartmouth.edu/~sergey/langsec/

Lesson 1: Do not provide a user with more computing power than
absolutely necessary.
Lesson 2: Security must be considered *before* implementation, not
after.  It needs to be part of the design process.
Lesson 3: Formally verify, if necessary, essential security
properties, particularly protocols and input parsers.

Most of this needs to be done by the developers and system analysts
before problems arise.

On Tue, May 22, 2012 at 2:04 AM,  <amishra.jsr <at> gmail.com> wrote:
> Hello,
>     Traditionally all antivirus and IPS work using a signature-based technique. This doesn't help in a zero-day attack. Therefore, what can be done to prevent zero-day attacks?

Peter Thomas | 25 May 01:31 2012

Re: How to prevent zero day attacks

The Australian department of defence has a good resource on protecting
systems against threats for which there are no signatures available.

These are the Top 4, from a full list of 35. Implementing the Top 4
will provide a significant increase in security.

1. patch applications such as PDF readers, Microsoft Office, Java,
Flash Player and web browsers
2. patch operating system vulnerabilities
3. minimise the number of users with administrative privileges
4. use application whitelisting to help prevent malicious software and
other unapproved programs from running.

More details are available here -
http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm

Regards,

Peter
--------------------------------------------------
Security Scanning Tools On-line
Web: http://hackertarget.com/
--------------------------------------------------

On Tue, May 22, 2012 at 4:04 PM,  <amishra.jsr <at> gmail.com> wrote:
> Hello,
>     Traditionally all antivirus and IPS work using a signature-based technique. This doesn't help in a zero-day attack. Therefore, what can be done to prevent zero-day attacks?

Fábio Soto | 26 May 15:40 2012

RES: How to prevent zero day attacks

Great resource... thanks

-----Original Message-----
From: listbounce <at> securityfocus.com [mailto:listbounce <at> securityfocus.com] On Behalf Of Peter Thomas
Sent: Thursday, May 24, 2012 20:31
To: amishra.jsr <at> gmail.com
Cc: security-basics <at> securityfocus.com
Subject: Re: How to prevent zero day attacks

The Australian department of defence has a good resource on protecting
systems against threats for which there are no signatures available.

These are the Top 4, from a full list of 35. Implementing the Top 4
will provide a significant increase in security.

1. patch applications such as PDF readers, Microsoft Office, Java,
Flash Player and web browsers
2. patch operating system vulnerabilities
3. minimise the number of users with administrative privileges
4. use application whitelisting to help prevent malicious software and
other unapproved programs from running.

More details are available here -
http://www.dsd.gov.au/infosec/top35mitigationstrategies.htm

Regards,

Peter
--------------------------------------------------
Security Scanning Tools On-line