Which security practices can lower exposure to zero-day attacks?

Which security practices can lower exposure to zero-day attacks?

I'm attempting to proactively thwart zero-day attacks on my network. Can I prevent zero-day attacks with a combination of good security practices, VLAN network segmentation and an NAC system?

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

As you probably know, it's never possible to completely prevent zero-day attacks. However, the controls you mention are a good start toward dramatically reducing the risks. Let's expand a bit on "good security practices" and look at some of the particular management practices that can lower your exposure to zero-day exploits:

  • Firewalls play a vital role in preventing zero-day attacks. Use them to protect the perimeter of your network from unsolicited traffic. You should also use host-based firewalls (such as Windows Firewall) to limit the inbound connections allowed to each system on your network. Ideally, most systems (e.g. workstations) will not allow any inbound connections.

  • Patch management is also critical. Many zero-day attacks are simply novel exploits of a previously known vulnerability. If you keep your operating systems and applications patched, you'll be immune from the vast majority of zero-day exploits.

  • Antivirus software and intrusion detection systems may not help with true zero-day attacks, but they play a valuable role in protecting your network from known issues. Don't neglect them when planning your security infrastructure.

    • I hope this helps you plan and implement your network security controls. Good luck in your battle to secure your enterprise information assets!

    More information:

  • Learn about ten emerging malware trends that you should be aware of.
  • See how zero-day attacks may lead to poor patch testing.

    • This was first published in February 2007

    Join the conversationComment

    Share
    Comments

      Results

      Contribute to the conversation

      All fields are required. Comments will appear at the bottom of the article.
      Back to top