You have a firewall, and every exit-entry point of your network is secured. You regularly update your anti-virus and operating system for patches. You have good spam filters that will not allow any spammers to inject into the network.
You have an innovative and robust password setting that changes every fortnight. Moreover, you do not allow any foreign machine to enter your network until it’s scanned thoroughly. These are enough reasons to lull you into believing that you are well and very secure. Aren’t They?
I am not scaring you but making you aware of what you will do in a scenario when there is a new worm for which no anti-virus updates and no firewall is ready to stop it. They are new, and there are no known updates about them. Welcome to the world of Zero Day Attack.
What are ZDE and ZDA?
Irrespective of brand, type, and technology, every application or device has some known or some not known security loopholes or bug which can compromise security. Now some organizations or individuals hunt for this kind of vulnerability. When they find they release it publicly. Now, what happens?
The main motive of these guys is to make things more secure and add to the development of the application. But when the underground world knows about the flaw, they will start creating exploits to gain some advantage.
The time between the creation of the exploit and public availability of its patch is called ZDE or Zero Day Attack, and any attack that happens using such a flaw which happens using such an exploit is called a Zero Day Attack or ZDA
The image below shows the time life of ZDA. I should explain what I was talking about above.
Why should I care?
Security is a primary concern in every organization. Nobody wants their product or organization to fail because of these hacks. They already have much investment in fighting against them. You should care because you don’t want to lose your business. You don’t want to lose customers because they lost.
What should I do?
Now that’s a million-dollar question. I will be doing a little bit analysis on this and carry the discussion to the next post. I don’t want to make this post so long they you end up in forgetting what you have read till now.
There could be many ways of fighting the zero-day attack. One of the most common way is called as Fuzzing, which I would cover in next post of this series. I think some of them can be useful for any site listed below.
- Keep track of news on exploits. There are news groups and organizations which keep on hunting them.
- In case of an exploit discovered, first tighten up your security in terms of avoiding things which can invite the bug.Like if there is a problem with a word document, avoid opening unknown documents which you receive
- Secondly, contact the product owners and confirm if they have started creating a patch or not.
- Keep your organization updated about any new threats that are discovered. Educate them about these things so even they can report a bug if found.
- Now Fuzzing, Its like an activity where you self test the product and try to inject inputs with every combination to find out the vulnerability, so you can keep track of them ahead of time. There are a lot of fuzzers available, which I will be covering in the next post.
I hope you liked this small post. I will be finishing it in the next post. You can read one more article on Phishing Email and Mobile till then.