A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. There are zero days between the time the vulnerability is discovered and the first attack.

Ordinarily, when someone detects that a software program contains a potential security issue, that person or company will notify the software company (and sometimes the world at large) so that action can be taken. Given time, the software company can fix the code and distribute a patch or software update. Even if potential attackers hear about the vulnerability, it may take them some time to exploit it; meanwhile, the fix will hopefully become available first.

Sometimes, however, a hacker may be the first to discover the vulnerability. Since the vulnerability isn't known in advance, there is no way to guard against the exploit before it happens. Companies exposed to such exploits can, however, institute procedures for early detection:

• Use virtual LANs (IPsec) to protect the contents of individual transmissions.
• Deploy an intrusion detection system (stateful firewall.
• Introduce network access control to prevent rogue machines from gaining access to the wire.
• Lock down wireless access points and use a security scheme like Wi-Fi Protected Access or WPA2 for maximum protection against wireless-based attacks.

15 Jul 2010