Magazine article Technology & Learning

How To: Protect against a Zero-Hour Attack

Article excerpt

In the last year, a series of viruses and worms that caused damage across the Internet in record time has made very clear how vulnerable our computer systems are. The MS Blaster, Slammer, Sasser, and Korgo.W worms have shown that signature-based antivirus software and traditional firewalls are not enough to protect networks. Everyone is worried about a zero-hour attack--an attack based on a previously unknown vulnerability and completely immune to antivirus software. What can you do to protect your network from such an event? Here are a few ideas:

Use file integrity checking.

File integrity checking tells you if the software you think you have installed on your network is actually what it is supposed to be. There are a number of free utilities to do this--Tripwire is the best known among them. Traditionally, file integrity checking is used to identify recent changes on a PC. That way, when things go desperately wrong, you can try to back out of the latest changes. File integrity checking is also useful for discovering spyware and viruses your antivirus software has missed.

Run new or unknown software in a sandbox.

A new generation of antivirus software extends file integrity checking by making unknown software run in a "sandbox." This form of isolation prevents viruses or worms from propagating unless they can trick a known program into doing the work for them. Using this technique, new or unknown programs are not allowed to do the following things:

* Talk on the network

* Run at your full security access

* Write to another EXE or DLL file

* Write to another process's memory

* Modify critical registry entries

* Execute other programs

Another way to develop a sandbox is by using Microsoft's Active Directory to keep users from installing anything new. Any new software is then carefully checked by the network administrator before it is installed on the rest of the network. …
