You have firewall and each and every exit -entry point of your network is secured.You regularly update your anti virus and operating system for patches.You have good spam filters than will not allow any spammers to inject into the network.
You have smart and strong password setting that change every fortnight.Moreover you do not allow any foreign machine to enter your network unless and until it’s scanned thoroughly.These are enough reasons to lull you into believing that you are well and very secured.Aren’t They?
I am not scaring you but making you aware what you will do in a scenario when there is a new worm for which no anti virus updates and no firewall is ready to stop it.The reason well they are new and there is no known updates about.Welcome to the world of Zero Day Attack.
What is ZDE and ZDA ?
Irrespective of brand, type and technology, each and every application or devices have some known or some not known security loop holes or bug which can lead to a compromise in security.Now there are organization or individuals who hunt for these kind of vulnerability .When they find they release it publicly.Now what happens?
The main motive of these guys is to make things more secure and add to the development of the application. But when the underground world come to know about the flaw, they will start creating exploits to get some advantage out it.
The time between creation of the exploit and public availability of its patch is called ZDE or Zero Day Attack, and any attack that happens using such flaw which happens using such an exploit is called a Zero Day Attack or ZDA
The image below shows the time life of ZDA.Should explain what i was talking above.
Why should I care ?
Security is a primary concern in every organization.Nobody wants there product or organization to fail because of these hacks.They have already much investment to fight against them.Why you should care is because you don’t want to loose your business.You don’t want to loose customers because they lost money as you never took care of security.
What should I do ?
Now that’s a million dollar question.I will be doing a little bit analysis on this and carry the discussion to the next post.I don’t want to make this post so long they you end up in forgetting what you have read till now.
There could be many ways of fighting the zero day attack.One of the most common way is called as Fuzzing, which I would cover in next post of this series.Some of them which I think can be useful for any site is listed below.
- Keep track of news on exploits.There are news groups and organization which keep on hunting them.
- In case of an exploit discovered, first tighten up your security in terms of avoiding things which can invite the bug.Like if there is problem in word document, avoid opening unknown documents which you receive
- Secondly contact the product owners and confirm if they have started creating a patch or not.
- Keep your organization updated about any new threats that are discovered.Educate them about these things so even they can report a bug if found.
- Now Fuzzing, Its like an activity where you self test the product and try to inject inputs with every combination to find out the vulnerability, so you can keep track of them ahead of time.There are lot of fuzzers available which I will be covering in the next post.
I hope you liked this small post.I will be finishing it in next post.You can read one more article on Phishing Email and Mobile till then.