By: Dr. Michael J. Garbade
August 9, 2018
5 Best Practices to Mitigate Zero-Day Exploits
By: Dr. Michael J. Garbade
August 9, 2018
Zero-day exploits are serious security loopholes that are exploited within the same day they are exposed. They are aptly named “zero day” because the network administrators have zero days to fix the security flaw, which could have already been exploited.
JPolansky, who has more than four years of cyber security experience and currently teaches people how to perform network analysis, says that “zero-day exploits in business environments are a cause of concern since some threats happen so quickly and have no available immediate fixes.”
In fact, the use of traditional firewalls and antivirus software to prevent malicious intrusion in the network may fail to protect it from the newly, unknown instigated threats.
However, there are best practices that an organization can put in place for zero-day attack prevention.
Here are five of the best practices on how to mitigate zero-day attacks.
1. Limit the Use of Email Attachments
Networks where users are likely to unknowingly engage in sending or receiving malicious email attachments are often prone to hacking. Hackers usually use the attachments as bait, prompting users to click on dangerous documents in the emails.
To ensure they operate in safe customer environments, companies should review their policies and tightly restrict email attachments by filtering them out.
The incoming and outgoing emails should be sifted for any JPEG, GIF, WMV, or any other attachment types before determining which ones to allow or dismiss.
Hackers tend to hide malicious code in attachments, which can compromise the network’s security when opened by an unsuspecting user.
Only attachments with the agreed extensions should then be permitted in the network. This will eliminate any zero-day exploits, since attachments that fail to meet the agreed criteria are dismissed on arrival.
Furthermore, deactivating HTML emails is also an important technique in defense against zero-day attacks.
To deliver threats and attacks on a company’s network, hackers can hide malicious code in HTML emails before sending them out.
The HTML emails can also be used to lure users to click on URL links leading to phishing sites, thus increasing the risks of zero-day exploits.
It is advisable, therefore, to inactivate HTML to mitigate such risks.
2. Look Out For Anomalous Activity
Any irregular activity on your computing infrastructure should raise a red flag.
The use of virus signatures only is not sufficient to protect the network from intrusion or to detect threats in the system; therefore, it is advisable to implement several tools to detect any inconsistencies.
For example, controlling how your system connects or communicates with other systems within the network can help in restricting any damage that may occur in the case of zero-day exploits.
Based on the company’s requirements, there should be rules that elaborate on how and which systems can connect and the extent to which various parts of the system can be accessed.
This prevents any infections from spreading within the network if it comes under attack. The network intelligence should be in a position to quickly detect zero-day exploits for better response.
3. Sift Through Outbound Traffic
As much as checking the traffic coming into the network is important, inspecting what’s going out of your network also plays a big role in mitigating attacks.
Hackers and other attackers tend to install bot programs and Trojans on outgoing transfers or connections to capture and alter instructions to a remote system for different courses of action.
Installing firewalls and outbound proxies will help in detecting and blocking such connections. Preventing bots and Trojans from issuing the alternate instructions can mitigate zero-day exploits.
Companies should set up perimeters that allow specific inbound traffic and deny and block any outbound connections on the router by default.
For example, the activity log on the router in relation to inbound and outbound traffic over a period of time should be sufficient in determining what traffic should be permitted and what should be disallowed.4. Establish Robust Preventive Security Procedures
In addition to conducting vulnerability scans on a regular basis, it is important to use blacklisting software to lock out any malicious activities and whitelist sites that pose no threats.
Furthermore, proper user education, content filtering of ANI files, and using updated antivirus software are other preventive methods that can help in mitigating zero-day exploits.
5. Develop Disaster Recovery Measures
Since zero-day exploits happen rapidly, it is necessary to establish comprehensive procedures that can be followed to recover from damages whenever the attack occurs or mitigate the threats once they are detected.
Final WordZero-day attacks and prevention strategies cannot be limited to the above procedures. As attackers and hackers devise ways of attacking vulnerable networks, IT professionals should also learn new techniques for keeping their networks safe from threats.
Cyber security experts should work towards setting up multiple controls in layers across networks to prevent attackers from accessing the systems from different devices.
Enacting robust security measures that look into the nitty-gritty of all the devices accessing a network can help in mitigating zero-day exploits and protecting organizations from potential threats.