Plug your zero-day vulnerability gap

While a lot of time and effort goes into ensuring that networks are patched, the gap between vulnerability announcements and patch availability remains a serious and often costly issue for too many companies.


But by proactively managing the risks, you can strengthen general defences until those critical system patches arrive.

The first step is to take advantage of information that is available. Operating system suppliers such as Microsoft and application suppliers such as Citrix and Apple regularly release a list of known vulnerabilities that they are working on.

Vulnerability flag

This information can help reduce the risks associated with the vulnerability, which is the reason why the suppliers release it in the first place. But vulnerability alerts also attract the attention of those who craft malicious code. The industry has little choice but to be proactive in managing the risk.

Most vulnerabilities have both a known port number for network access and a recognisable pattern of attack, which is often the first information available about a given vulnerability.

Blocking a port number on the firewall is the first line of defence for reducing the risks associated with a known vulnerability. The tactic was used by many companies to counteract the Blaster worm, which used several ports to spread its malicious code.

Often a rule set for an intrusion prevention system (IPS) will also be available. Such pattern recognition rules help an IPS identify malicious network activity and shut it down before it can contaminate more systems.

By ensuring that the rule set on an IPS or IDS (an intrusion detection system, which only alerts you when it detects malicious activity rather than blocking it) is up to date, you minimise the risk of malicious activity.
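The two controls described above, a firewall port block and a signature rule on an IPS or IDS, can be modelled in a few lines. The following is an added example, not code from the original article or from any vendor's rule set: the advisory name, the blocked port numbers, the signature string and the sample traffic records are all constructed placeholders. It applies a pre-patch mitigation to each connection record, refusing blocked ports at the firewall stage and then matching the signature, and shows how the same rule behaves differently in IPS mode (drop) and IDS mode (alert only).

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Mitigation:
    """Pre-patch mitigation derived from a vulnerability advisory.

    blocked_ports: destination ports refused at the perimeter until the patch ships
    signature:     payload pattern used as the IPS/IDS rule
    """
    name: str
    blocked_ports: frozenset
    signature: re.Pattern


# Hypothetical rule set (constructed for this example; not a real advisory).
EXAMPLE_RULE = Mitigation(
    name="ADV-EXAMPLE-001 pre-patch mitigation",
    blocked_ports=frozenset({4444, 1337}),
    signature=re.compile(rb"EXPLOIT_MARKER\x90{4}"),
)

# Constructed sample traffic: (source IP, destination port, first payload bytes).
SAMPLE_TRAFFIC = [
    ("10.0.0.5", 443, b"GET /index.html HTTP/1.1"),
    ("10.0.0.9", 4444, b"hello"),                                   # blocked port
    ("10.0.0.12", 135, b"RPC EXPLOIT_MARKER\x90\x90\x90\x90 ..."),  # signature hit
    ("10.0.0.12", 135, b"RPC normal bind request"),
    ("10.0.0.30", 1337, b"EXPLOIT_MARKER\x90\x90\x90\x90"),        # both
]


def evaluate(src, dst_port, payload, rule=EXAMPLE_RULE, mode="ips"):
    """Decide what happens to one connection and return (action, reason).

    The firewall check runs first: a blocked port is refused in either mode,
    because the port block is a firewall rule, not an IDS/IPS rule.
    The signature check runs second: an IPS drops on a match, an IDS only alerts.
    """
    if mode not in ("ips", "ids"):
        raise ValueError("mode must be 'ips' or 'ids'")
    if dst_port in rule.blocked_ports:
        return ("drop", f"firewall: port {dst_port} blocked by {rule.name}")
    if rule.signature.search(payload):
        action = "drop" if mode == "ips" else "alert"
        return (action, f"{mode.upper()}: signature match for {rule.name}")
    return ("allow", "no rule matched")


def run(traffic=SAMPLE_TRAFFIC, mode="ips"):
    """Evaluate every record; return a Counter of actions and the verdict list."""
    verdicts = [
        (src, port, *evaluate(src, port, payload, mode=mode))
        for src, port, payload in traffic
    ]
    return Counter(v[2] for v in verdicts), verdicts


if __name__ == "__main__":
    for mode in ("ips", "ids"):
        counts, verdicts = run(mode=mode)
        print(f"--- {mode.upper()} mode: {dict(counts)}")
        for src, port, action, reason in verdicts:
            print(f"{src:>10} :{port:<5} {action:5} {reason}")
```

Running the script with both modes makes the operational difference visible: the firewall block stops the two connections to the blocked ports regardless of mode, while the connection carrying the signature is dropped in IPS mode but only generates an alert in IDS mode, which is why an IDS alone still leaves someone to act on the alert before the patch arrives.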

While many years have passed since the ILoveYou, Melissa and BubbleBoy viruses troubled e-mail servers, unchecked e-mails remain the primary source of network contamination. Configuring the corporate spam filters is therefore another important step in protecting the network from similar attacks. Prohibiting access to online e-mail services such as Yahoo and Gmail can also reduce the quantity of spam.

However, unless you inform all staff of the dangers posed by malicious code, an employee may unwittingly cause an infection despite the best efforts of the security professionals. It is crucial that end-users know how to use the internet safely, and how to recognise phishing websites and e-mails.

Educating employees about these types of attacks and alerting them to dangers as they arise is now an essential step in securing the organisation.

Such measures should be part of a formalised procedure for addressing the risks associated with a vulnerability. Figuring out how to react to a situation can otherwise be a time-consuming process. Much of the stress associated with a vulnerability is due to questions from management, such as "What are we doing about this?", "How does it affect us?" and "Who is working on this?"

Pre-patch routine

When a vulnerability alert is released, your job is to stay on top of developing events, train employees not to fall victim to the scams and actively manage risks on the network - and then apply the patch as soon as it is available.

Proper risk management of unpatched system vulnerabilities is as essential to maintaining network integrity as the patches themselves.

This was last published in July 2008
