Ask The Security Expert: Questions & Answers

Which security practices can lower exposure to zero-day attacks?

EXPERT RESPONSE FROM: Mike Chapple

QUESTION POSED ON: 10 December 2006
I'm attempting to proactively thwart zero-day attacks on my network. Can I prevent zero-day attacks with a combination of good security practices, VLAN network segmentation and an NAC system?

EXPERT RESPONSE
As you probably know, it's never possible to completely prevent zero-day attacks. However, the controls you mention are a good start toward dramatically reducing the risks. Let's expand a bit on "good security practices" and look at some of the particular management practices that can lower your exposure to zero-day exploits:

  • Firewalls play a vital role in preventing zero-day attacks. Use them to protect the perimeter of your network from unsolicited traffic. You should also use host-based firewalls (such as Windows Firewall) to limit the inbound connections allowed to each system on your network. Ideally, most systems (e.g. workstations) will not allow any inbound connections.
  • Patch management is also critical. Many zero-day attacks are simply novel exploits of a previously known vulnerability. If you keep your operating systems and applications patched, you'll be immune from the vast majority of zero-day exploits.
  • Antivirus software and intrusion detection systems may not help with true zero-day attacks, but they play a valuable role in protecting your network from known issues. Don't neglect them when planning your security infrastructure.

I hope this helps you plan and implement your network security controls. Good luck in your battle to secure your enterprise information assets!
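
The host-based firewall advice in the response can be checked on a Windows workstation with the built-in NetSecurity cmdlets. The following is an added example, not part of the original answer; the function names `Get-InboundExposure` and `Set-InboundDefaultDeny` are hypothetical, and it assumes a Windows version that ships the NetSecurity PowerShell module and an elevated session.

```powershell
# Added example: audit and tighten the inbound posture of Windows Firewall.
# Function names are illustrative; the cmdlets are from the NetSecurity module.

function Get-InboundExposure {
    # Read the effective policy (ActiveStore) so Group Policy settings are included.
    # A profile is weak if the firewall is off or unsolicited inbound traffic is allowed.
    $weakProfiles = Get-NetFirewallProfile -PolicyStore ActiveStore |
        Where-Object { $_.Enabled -eq 'False' -or $_.DefaultInboundAction -eq 'Allow' } |
        Select-Object Name, Enabled, DefaultInboundAction

    # Every enabled inbound allow rule is an exception to "no inbound connections".
    # List each one with its port and program so it can be justified or removed.
    $allowRules = Get-NetFirewallRule -PolicyStore ActiveStore `
            -Direction Inbound -Enabled True -Action Allow |
        ForEach-Object {
            $port = $_ | Get-NetFirewallPortFilter
            $app  = $_ | Get-NetFirewallApplicationFilter
            [pscustomobject]@{
                Rule      = $_.DisplayName
                Profile   = $_.Profile
                Protocol  = $port.Protocol
                LocalPort = $port.LocalPort -join ','
                Program   = $app.Program
            }
        }

    [pscustomobject]@{
        WeakProfiles      = @($weakProfiles)
        InboundAllowRules = @($allowRules)
    }
}

function Set-InboundDefaultDeny {
    # Turn the firewall on for all three profiles and block inbound traffic
    # that no allow rule matches. This writes the local store; a conflicting
    # Group Policy setting still takes precedence.
    Set-NetFirewallProfile -Profile Domain, Private, Public `
        -Enabled True -DefaultInboundAction Block
}

$report = Get-InboundExposure
$report.WeakProfiles      | Format-Table -AutoSize
$report.InboundAllowRules | Sort-Object Profile, LocalPort | Format-Table -AutoSize
```

Default-deny only covers traffic that no rule matches, so the list of inbound allow rules is the part to review: a workstation that should accept no inbound connections should end up with that list empty or limited to documented management exceptions.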
    All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy