Welcome back to the series on the Zero Day Attack. If you have come directly to this post, I recommend going through the previous posts first: What is a Zero Day Attack (part one) and About Fuzzers (part two, on application firewalls). In this final post we will look into Web Server Protection.
Web Server Protection:
Remember famous worms like Code Red and Nimda that attacked web servers and caused plenty of damage? As networks become harder to penetrate because of firewalls, IDS devices and secure gateways, hackers have changed their target to web applications.
So even though organizations have enough protection and firewalls to stop network attacks, the applications running on those servers can still be hacked. Some of the software I found using search engines and reviews is listed below.
This software is for web server hardening and web application security. It uses intelligent web/insite technology to recognize and enforce a website's intended use guidelines. If any activity on the web application does not meet the guidelines, it is automatically blocked and reported. Thus, it can provide protection against a zero day attack.
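The idea of enforcing a site's intended use and blocking everything else can be sketched as an allowlist check. This is an added example, not code from the product described above; the policy, paths and sample requests are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed policy for a hypothetical site: each allowed path lists its
# permitted methods and a pattern every parameter value must fully match.
POLICY = {
    "/search": {"methods": {"GET"}, "params": {"q": r"[\w\s\-]{1,64}"}},
    "/product": {"methods": {"GET"}, "params": {"id": r"\d{1,9}"}},
}

def check_request(method, url, body=""):
    """Return (allowed, reason). Anything the policy does not describe is blocked."""
    parts = urlsplit(url)
    rule = POLICY.get(parts.path)
    if rule is None:
        return False, f"path not in policy: {parts.path}"
    if method not in rule["methods"]:
        return False, f"method {method} not allowed on {parts.path}"
    raw = body if method == "POST" else parts.query
    seen = set()
    for name, value in parse_qsl(raw, keep_blank_values=True):
        pattern = rule["params"].get(name)
        if pattern is None:
            return False, f"unexpected parameter: {name}"
        if name in seen:
            return False, f"repeated parameter: {name}"
        seen.add(name)
        if not re.fullmatch(pattern, value):
            return False, f"value of {name} outside expected format"
    return True, "ok"

def filter_requests(requests):
    """Split requests into allowed ones and a report of blocked ones."""
    allowed, report = [], []
    for req in requests:
        ok, reason = check_request(*req)
        (allowed if ok else report).append((req, reason))
    return allowed, report

# Constructed sample traffic: two normal requests, four outside the policy.
SAMPLE = [
    ("GET", "/search?q=blue+widgets"), ("GET", "/product?id=42"),
    ("GET", "/product?id=42&debug=1"), ("GET", "/product?id=42%20OR%201"),
    ("POST", "/search?q=x"), ("GET", "/admin/config"),
]

if __name__ == "__main__":
    for req, reason in filter_requests(SAMPLE)[1]:
        print("BLOCKED", req, "->", reason)
```

No signature of any known attack appears in the policy, which is why this model can stop a request that exploits a bug nobody has catalogued yet.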
This is anti-malware software. It can run alongside your antivirus, firewall, etc. It works by learning the behavior of the system, and it also has a list of the malware currently known. When it runs for the first time, it scans and catalogs all the executables on the system and verifies them against the online database list. Thus, it needs constant online access. Any unusual activity found after that is reported directly to the central server, which is maintained by the online community. It keeps scanning and rescanning, and if it finds the activity to be malicious, it is blocked. This software is particularly useful because the list of malware is maintained in the central database. Thus, any malware detected somewhere else can also be caught.
It works along similar lines to how Akismet is used for WordPress. If any comment is caught as spam, it is reported to a central server, thus benefiting all the WordPress users before they get infected.
The tutorial for this software is here. They have given a very nice explanation.
Some other applications of a similar kind are listed below:
- Microsoft HoneyMonkey. Its intent is to stop attacks that use web servers to exploit unpatched browser vulnerabilities and that install software on the user's system.
- Watchguard. This can provide protection against even unsigned viruses.
- Symantec Critical System Protection. This can provide protection through policy-based rules to both desktops and servers.
Zero day attacks will not stop, as the bugs in software will never end. So the only good option is to be smarter on our side. Choose whichever of the products fits you. Consult people around you and choose the right product.
This series was to make you aware of the Zero Day attack and its concept. Hope it helps.