
The Zero Day challenge

11 Jan 13

Just how lucrative is the internet crime market? Very; information is digital gold and hackers can get paid up to $200 per password.

Indeed, ‘black hat’ hackers are becoming incredibly sophisticated at finding new vulnerabilities and exploiting them before the security community can react.

It can take less than a second to compromise a single machine and may take up to several days to come up with a patch.

Compromised machines aren’t just theoretical. They’re a reality. An entire underground economy has risen around compromised machines.

Access to ‘owned’ servers, services for launching phishing schemes, rental botnets for spam runs, and malware creation services are all advertised for a fee. These in turn support a marketplace for stolen identities, compromised bank accounts and credit card numbers.

Take, for example, the recent case of the Grum spam botnet that was eventually taken down in mid-July 2012.

This botnet housed over 136,000 internet addresses, could send up to 18 billion spam emails a day and, by advertising rogue pharmacies and fake DHL delivery notifications, had collected up to 1.3 million orders with customer information on its control server.

To service this underground economy, the hacker isn’t usually after the data on the computer, but the computer itself and the ability to control it. It could be used as a platform for launching criminal attacks on other, higher-value computers.

It won’t happen to me… really?

Like many of us, you may also think, ‘this won’t happen to me’ or ‘why would they target me’?

Businesses and individuals who are complacent about their security constitute the bread and butter of the organised crime underworld.

Take for instance the recent security breach at the White House at the end of September 2012, where it was reported that hackers linked to China’s government had broken into a system used by the White House military for nuclear commands.

In recent times, there have been a few notable zero day exploits, such as the serious new zero day vulnerability in Internet Explorer (IE) in September 2012. A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known.

There are zero days between the time the vulnerability is discovered and the first attack.

Meeting the Zero Day Challenge

A conventional reactive security stance, based on packet filters and signatures, is powerless against a new generation of sophisticated zero day attacks.

What’s required are two pillars: Application proxy firewalls and a multi-faceted detection strategy, termed ‘intelligent layered security’.

Understanding how these defences work separately and in concert is the key to understanding how true zero day protection can be achieved.

Application Proxy Firewalls are designed to recognise good traffic, allow it, and block everything else. This approach blocks whole classes of attacks.

To obtain this level of protection, an application proxy firewall doesn’t simply look at the packet as it flies by. It disassembles the packet, rebuilds and re-sends it. It’s called a ‘proxy’ because it handles the connections on behalf of the source and destination machines.

At the endpoints, the session proceeds as though each machine is communicating directly with the other. In fact, each is communicating with the firewall.

More on the proxy firewall

The critical security difference between a packet-based and an application proxy firewall is understood by considering the seven-layer OSI model.

A packet inspection firewall can only take action based on the first three layers of the model. By comparison, an application proxy firewall has the capability to inspect all seven layers and take action based on the topmost (application) layer, where most zero day threats reside.

The intelligent layered security approach allows a firewall to deliver the full zero day protection of an application proxy, with limited impact on network performance.

Depending on the port and protocol, only a few checks are needed for most packets.
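The two passages above (‘recognise good traffic, allow it, and block everything else’ and the layer-3 versus layer-7 contrast) are illustrated by this added example, which is not from the article or any firewall vendor: a port-based packet filter and a proxy-style HTTP allowlist are run over the same constructed requests, and only the proxy can tell them apart. The allowed methods, path grammar and header limits are illustrative assumptions.

```python
import re

# --- Packet-filter view (layers 3/4): only address and port inform the decision.
PACKET_RULES = [{"dst_port": 80, "action": "allow"}]

# --- Application-proxy view (layer 7): a positive model of "good" HTTP.
# Assumed policy for this example: read-only methods, plain paths, sane headers.
ALLOWED_METHODS = {"GET", "HEAD"}
PATH_RE = re.compile(r"^/[A-Za-z0-9._/-]{0,256}$")  # no query, no %-escapes, no odd bytes
MAX_HEADERS, MAX_HEADER_LEN = 20, 1024


def packet_filter(dst_port: int) -> str:
    """Stateless port check: everything to port 80 looks identical here."""
    for rule in PACKET_RULES:
        if rule["dst_port"] == dst_port:
            return rule["action"]
    return "deny"


def app_proxy(raw: bytes) -> str:
    """Parse the request as a proxy would before re-sending it; allow only
    if every element matches the positive model, otherwise deny."""
    try:
        head, _, body = raw.partition(b"\r\n\r\n")
        lines = head.decode("ascii").split("\r\n")      # non-ASCII head -> reject
        method, path, version = lines[0].split(" ")      # malformed request line -> reject
    except (UnicodeDecodeError, ValueError):
        return "deny"
    if method not in ALLOWED_METHODS or version != "HTTP/1.1":
        return "deny"
    if not PATH_RE.match(path) or "/../" in path + "/":  # traversal is never "good"
        return "deny"
    headers = lines[1:]
    if len(headers) > MAX_HEADERS or any(":" not in h or len(h) > MAX_HEADER_LEN for h in headers):
        return "deny"
    if body:  # GET/HEAD carry no body; an unexpected body is not known-good traffic
        return "deny"
    return "allow"


# Constructed sample requests, all destined for port 80.
SAMPLES = {
    "plain_get": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "write_method": b"DELETE /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "traversal": b"GET /../secret HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "binary_head": b"GET /\xff\xfe HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "bad_header": b"GET / HTTP/1.1\r\nHost example.test\r\n\r\n",
    "stray_body": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n" + b"\x90" * 16,
}


def compare(samples=SAMPLES) -> dict:
    """Return {name: (packet_filter verdict, app_proxy verdict)} for each sample."""
    return {name: (packet_filter(80), app_proxy(raw)) for name, raw in samples.items()}
```

Every sample passes the port check, while the proxy allows only `plain_get`, which is the ‘block everything else’ behaviour the article describes.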

While there are no automated tools or documented steps for cleanup after a zero day attack, the best defence against such attacks is ensuring that systems are tested using the Metasploit Framework (an open source attack simulator) and protected by application proxy firewalls with intelligent layered security.
