Problem solve Get help with specific problems with your technologies, process and projects.

Which security practices can lower exposure to zero-day attacks?

It's never possible to completely prevent zero-day attacks, but in this SearchSecurity.com Q&A, network security expert Mike Chapple reveals which tools can provide significant protection from such threats.

I'm attempting to proactively thwart zero-day attacks on my network. Can I prevent zero-day attacks with a combination of good security practices, VLAN network segmentation and an NAC system?
As you probably know, it's never possible to completely prevent zero-day attacks. However, the controls you mention are a good start toward dramatically reducing the risks. Let's expand a bit on "good security practices" and look at some of the particular management practices that can lower your exposure to zero-day exploits:

  • Firewalls play a vital role in preventing zero-day attacks. Use them to protect the perimeter of your network from unsolicited traffic. You should also use host-based firewalls (such as Windows Firewall) to limit the inbound connections allowed to each system on your network. Ideally, most systems (e.g. workstations) will not allow any inbound connections.
  • Patch management is also critical. Many zero-day attacks are simply novel exploits of a previously known vulnerability. If you keep your operating systems and applications patched, you'll be immune from the vast majority of zero-day exploits.
  • Antivirus software and intrusion detection systems may not help with true zero-day attacks, but they play a valuable role in protecting your network from known issues. Don't neglect them when planning your security infrastructure.
  • I hope this helps you plan and implement your network security controls. Good luck in your battle to secure your enterprise information assets!

    More information:

  • Learn about ten emerging malware trends that you should be aware of.
  • See how zero-day attacks may lead to poor patch testing.
  • This was last published in February 2007

    Dig Deeper on Emerging cyberattacks and threats

    Have a question for an expert?

    Please add a title for your question

    Get answers from a TechTarget expert on whatever's puzzling you.

    You will be able to add details on the next page.

    Start the conversation

    Send me notifications when other members comment.

    Please create a username to comment.