
Zero-Day Vulnerability

Software vulnerability

Chenestina Qiu

Networking 2

Period: 7

A zero-day vulnerability is a hole in software that is unknown to the vendor. Hackers exploit the hole before the vendor becomes aware of it and hurries to fix it; such an exploit is called a zero-day attack. Zero-day attacks can be used to plant malware or spyware, or to gain unwanted access to user information. The term “zero day” refers to the fact that the hole is unknown to everyone except the hackers, and in particular to the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.
For the vendor to rectify the vulnerability, the software company must release a patch. Patches are often released on a regular schedule; one example is Microsoft’s Patch Tuesday: on the second Tuesday of each month, Microsoft releases security fixes that resolve identified holes. If a critical vulnerability is discovered, however, a patch may be released outside the schedule.

Browsers are similarly vulnerable; it’s a good idea to update your browser often, for updated security as well as features. To check whether any updates are available for your browser of choice, open the browser and click either “Help” or the browser name, depending on which browser you’re using. A quick online search will provide step-by-step instructions. Alternatively, you could set up automatic updates, again depending on the browser. Zero-day vulnerabilities can be serious security risks. When searching for an appropriate antivirus solution, look for security software that protects against both known and unknown threats.

Just for a moment, think about the end game for an enterprise Chief Security Officer: it would be the day when all systems are protected 24/7 from viruses, trojans, worms, and hackers stealing or destroying data or launching denial-of-service or buffer-overflow attacks. Ideally the CSO would like protection from all of this without ever having to react urgently. Until that day comes, enterprises will keep buying products that promise to deliver the desired level of protection. Enterprises would love to have zero-day protection without having to jump out of bed and rush to the office to update signatures, or spend hours on the phone trying to recover an infected system. In short, they would prefer proactive protection that is “always on” to reactive protection that requires manual intervention.

A few trends are driving the market towards proactive protection. The first is a gradual transition of the security market towards products that promise “intrusion prevention”. I use this term loosely, since there are very few real intrusion prevention systems on the market today; most security product vendors merely provide intrusion detection (IDS) with a limited ability to act automatically. Given that limited capacity to prevent attacks proactively, it is almost certain that IDS technology will be history in a very short time. Enterprises are increasingly looking for a reliable and comprehensive IPS package that can be trusted to stop the viruses rather than merely raise an alert about an intrusion into the network.

Intrusion prevention (IPS) technologies can be either network-based or host-based, and the two serve different purposes. In both models the IPS looks for both known and unknown attack patterns: signatures for the known ones, and behavioural anomalies for the unknown ones, detected by rule-based engines that learn what “normal traffic” looks like and recognize “abnormal traffic”. Intrusion prevention systems that support gigabit networks at low latency already exist in this newly maturing market.
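As an added illustration of the two detection paths this paragraph describes (example code, not from the essay or from any IPS product), the toy engine below matches a constructed signature set for known attacks and scores each record against a per-port baseline learned from constructed normal traffic for unknown ones; all ports, payloads, signature ids and the 3-sigma threshold are made up for the demo.

```python
"""Toy IPS inspection engine: signature matching for known attacks plus a
learned traffic baseline for unknown ones.  Added example, not vendor code;
all signatures and traffic records below are constructed."""
import statistics
from collections import defaultdict

# Constructed "known bad" byte patterns, standing in for a real signature set.
SIGNATURES = {
    "SIG-001": b"/../../etc/passwd",  # directory traversal in a request path
    "SIG-002": b"\x90" * 8,           # NOP sled, a classic shellcode marker
}

class Baseline:
    """Per-destination-port mean and std. dev. of payload size, learned from
    traffic labelled normal; anything beyond `sigma` deviations is abnormal."""
    def __init__(self, sigma=3.0):
        self.sigma, self.sizes, self.stats = sigma, defaultdict(list), {}

    def learn(self, records):
        for rec in records:
            self.sizes[rec["dport"]].append(len(rec["payload"]))
        for port, sizes in self.sizes.items():
            # floor the deviation at 1 byte so a constant-size service does
            # not turn every 1-byte change into an alert
            self.stats[port] = (statistics.mean(sizes),
                                max(statistics.pstdev(sizes), 1.0))

    def is_anomalous(self, rec):
        if rec["dport"] not in self.stats:
            return True  # service never seen during learning: abnormal
        mean, dev = self.stats[rec["dport"]]
        return abs(len(rec["payload"]) - mean) > self.sigma * dev

def inspect(rec, baseline):
    """Known path first (returns the signature id), then the unknown path."""
    for sig_id, pattern in SIGNATURES.items():
        if pattern in rec["payload"]:
            return ("block", sig_id)
    if baseline.is_anomalous(rec):
        return ("block", "anomaly")
    return ("allow", None)

# Constructed normal traffic: a few HTTP requests to port 80 and DNS-sized
# datagrams to port 53.
NORMAL = ([{"dport": 80, "payload": b"GET /index.html HTTP/1.1\r\n" * n}
           for n in (1, 2, 2, 3, 2)] +
          [{"dport": 53, "payload": b"\x00" * n} for n in (40, 44, 42, 48, 45)])
BASELINE = Baseline()
BASELINE.learn(NORMAL)
```

A traversal request of perfectly ordinary size is caught by the signature path, while an oversized request or a packet to a port never seen during learning is caught only by the baseline.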

The second trend is the commoditization of anti-virus software: AV products on desktops and servers are moving up the value chain to include minimal desktop firewall and IPS features. The day is not far off when plain anti-virus products will cease to exist, for enterprises and even for consumers. The idea is to protect a system from multiple threats, including viruses, buffer-overflow attacks, unwanted programs or spyware, and illegal access to servers, regardless of whether the system sits in an enterprise or at home.

One of the biggest challenges facing security teams today is staying up to date with the ever-changing threat landscape. Cyber criminals now have access to a massive arsenal of zero-day vulnerabilities, which are sold on the open market to the highest bidder. According to Verisign iDefense research, over 80% of the zero-day vulnerabilities detected are classified as “high severity.”

Knowing that the zero-day marketplace is thriving changes the conversation from “zero-days are too rare and infrequent to spend time on” to “they are already here and you might just not know it.” It is no longer a question of whether you will encounter zero-days, but of how you plan to locate, prioritize and remediate the ones already knocking on your door. The only defense is advance knowledge of exactly which attacks are most likely to be launched successfully against your environment, combined with a risk-based prioritization method to shrink your attack surface.

Zero-day vulnerabilities that are exploited in the wild and affect a widely used piece of software are relatively rare; there were approximately eight in 2011. The past few months, however, have seen four such zero-day vulnerabilities actively exploited in the wild. Two of the zero-day exploits were in Adobe Flash, the other two in Internet Explorer. In April 2012, we identified seven different Trojans that were being used in conjunction with CVE-2012-0779. Within one month, two more zero-day exploits were identified in the wild: CVE-2012-1875 and CVE-2012-1889. The timing of the release of these three exploits was suspicious: as soon as one had been identified, the next became active. We investigated the three exploits and found connections between them all. In the past few weeks, yet another zero-day exploit was detected in the wild, CVE-2012-1535. We have tied this zero-day exploit back to all the others. They may only be the tip of the iceberg. In early 2010, Google documented an attack against their infrastructure. They stated that they were attacked in December 2009 and that the attacks originated in China. The attackers utilized a Trojan called Hydraq (also known as Aurora), which was delivered using an Internet Explorer zero-day exploit. We believe the Hydraq attack.
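As an added example of the risk-based prioritization argued for two paragraphs above, applied to a backlog like the one this paragraph describes (example code, not Kenna Security’s or any vendor’s real scoring model), the Python below orders findings by severity weighted by in-the-wild exploitation and exposure, and marks zero-days that still lack a patch for compensating mitigation. The CVE identifiers are the ones the essay names, used only as labels; every severity, patch flag, host count and weight is constructed, and CVE-EXAMPLE-0001 is a placeholder.

```python
"""Risk-based remediation ordering for a vulnerability backlog.  Added
example, not Kenna Security's or any vendor's scoring model.  The CVE ids
are the ones the essay names, used purely as labels; every severity,
patch flag, host count and weight is constructed for the demo."""
from dataclasses import dataclass

@dataclass
class Finding:
    cve: str
    severity: float          # 0-10, CVSS-style base score
    exploited_in_wild: bool  # the "already knocking on your door" signal
    patch_available: bool    # False for a live zero-day with no vendor fix yet
    exposed_hosts: int       # affected hosts reachable from untrusted networks
    total_hosts: int         # all affected hosts

def risk_score(f: Finding) -> float:
    """Severity alone would rank an unexploited 10.0 above an actively
    exploited 9.3; weighting by exploitation and exposure changes that.
    The 4.0 multiplier and 0.25 floor are illustrative, not calibrated."""
    exploit_weight = 4.0 if f.exploited_in_wild else 1.0
    exposure = f.exposed_hosts / f.total_hosts if f.total_hosts else 0.0
    # keep a floor for internal-only hosts: they still matter for lateral movement
    return f.severity * exploit_weight * (0.25 + 0.75 * exposure)

def remediation_plan(findings):
    """Highest risk first.  'patch' when a fix exists, otherwise 'mitigate'
    (IPS rule, disable the component, restrict reach) until a patch ships."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    return [(f.cve, "patch" if f.patch_available else "mitigate") for f in ranked]

# Constructed backlog; only the CVE ids come from the essay.
BACKLOG = [
    Finding("CVE-2012-0779", 9.3, True, True, 20, 200),
    Finding("CVE-2012-1875", 9.3, True, False, 150, 200),
    Finding("CVE-2012-1889", 9.3, True, False, 10, 200),
    Finding("CVE-2012-1535", 9.3, True, True, 0, 200),
    Finding("CVE-EXAMPLE-0001", 10.0, False, True, 200, 200),  # placeholder id
]

if __name__ == "__main__":
    for cve, action in remediation_plan(BACKLOG):
        print(f"{cve:18s} {action}")
```

With these constructed values the fully exposed but unexploited 10.0 drops below three of the actively exploited 9.3s, and the two unpatched zero-days come out marked for mitigation rather than left waiting for a fix.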