Welcome back to the series on Zero Day Attack. If you have come directly to this post, I recommend you go through the previous posts What is a Zero Day Attack Part one and About Fuzzers part two (on application firewalls). In this final post, we will look into Web Server Protection.
Web Server Protection:
Remember famous worms like Code Red and Nimda that attacked web servers and caused plenty of damage? Network security is becoming harder to penetrate because of firewalls, IDS devices, and secure gateways. Hackers have changed their target to Web Applications.
So even though organizations have enough protection and firewalls to stop them, the applications running on those servers can still be hacked. Some of the software I found using search engines and reviews is listed below.
This software is for web server hardening and web application security. It uses intelligent website technology to recognize and enforce a website’s intended use guidelines. Any activity on the web application that does not meet the guidelines is automatically blocked and reported. Thus, it can protect against a zero-day attack.
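The enforcement model described above (allow only the site's intended use, block and report everything else), sketched as an added example; it is not code from the product or from the original post, and the policy format, routes, parameter patterns and function names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical intended-use policy: (method, path) -> {parameter: full-match pattern}.
POLICY = {
    ("GET", "/products"): {"id": re.compile(r"\d{1,6}"), "page": re.compile(r"\d{1,3}")},
    ("GET", "/search"): {"q": re.compile(r"[\w .-]{1,64}")},
    ("POST", "/login"): {"user": re.compile(r"[A-Za-z0-9_.-]{3,32}"),
                         "password": re.compile(r"[^\x00-\x1f]{8,128}")},
}

def check_request(method, url, body=""):
    """Return (allowed, reason). Anything the policy does not describe is denied."""
    parts = urlsplit(url)
    rules = POLICY.get((method.upper(), parts.path))
    if rules is None:
        return False, f"unlisted endpoint {method.upper()} {parts.path}"
    # Query-string and form-body parameters are held to the same rules.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    seen = set()
    for name, value in pairs:
        if name not in rules:
            return False, f"unexpected parameter {name!r}"
        if name in seen:
            return False, f"duplicate parameter {name!r}"
        if not rules[name].fullmatch(value):
            return False, f"parameter {name!r} outside intended format"
        seen.add(name)
    return True, "matches intended use"

def enforce(requests):
    """Split requests into served and blocked; blocked entries carry the report reason."""
    served, blocked = [], []
    for method, url, body in requests:
        ok, reason = check_request(method, url, body)
        (served if ok else blocked).append((method, url, reason))
    return served, blocked

# Constructed sample traffic (not taken from any real log).
SAMPLE = [
    ("GET", "/products?id=42", ""),
    ("GET", "/products?id=42&debug=1", ""),
    ("GET", "/search?q=red+shoes", ""),
    ("GET", "/products?id=forty-two", ""),
    ("POST", "/login", "user=alice&password=correct-horse-battery"),
    ("GET", "/admin/backup.zip", ""),
]
```

Because the decision depends only on what the site is meant to accept, a request is blocked without any signature for the specific attack, which is why this model is offered as a zero-day defence.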
This is anti-malware software. It can run alongside your anti-virus, firewall, etc. It works by learning the system's behavior and keeping a list of current malware. When it runs for the first time, it scans and catalogs all the executables on the system and verifies them against the online database list. Thus, it needs constant online access. Any unusual activity found after that is directly reported to the central server maintained by the online community. It keeps scanning and rescanning; if it finds the activity malicious, it's blocked. This software is beneficial as the list of malware is maintained in the central database. Thus, any malware detected somewhere else can also be caught.
It works along similar lines to Akismet, which is used for WordPress. If a comment is caught as spam, it is reported to a central server, thus benefiting all WordPress users before they get infected.
Some other similar applications are listed below:
- Microsoft HoneyMonkey. Its intent is to stop attacks that use web servers to exploit unpatched browser vulnerabilities and install software on users' systems.
- Watchguard. This can provide protection against even unsigned viruses.
- Symantec Critical System Protection. This can provide policy-based protection for both desktops and servers.
Zero-day attacks will not stop, as bugs in software will never end. So the only good thing is to be brighter on our side. Please choose whichever of the products fits you. Consult people around you and choose the right product.
This series was to make you aware of the Zero Day attack and its concept. I hope it helps.