
The Zero Day challenge

11 Jan 2013

Just how lucrative is the internet crime market? Very; information is digital gold and hackers can get paid up to $200 per password.

Indeed, ‘Black hat’ hackers are becoming incredibly sophisticated at finding new vulnerabilities and exploiting them before the security community can react.

Compromising a single machine can take less than a second; producing and distributing a patch for the hole that was used can take days.

Compromised machines aren’t just theoretical. They’re a reality. An entire underground economy has risen around compromised machines.

Access to ‘owned’ servers, services for launching phishing schemes, rental botnets for spam runs, and malware creation services are all advertised for a fee. These in turn support a marketplace for stolen identities, compromised bank accounts and credit card numbers.

Take, for example, the recent case of the Grum spam botnet that was eventually taken down in mid-July 2012.

This botnet spanned over 136,000 internet addresses, could send up to 18 billion spam emails a day and, by advertising rogue pharmacies and fake DHL delivery notifications, had collected up to 1.3 million orders with customer information on its control server.

To service this underground economy, the hacker isn’t usually after the data on the computer, but the computer itself and the ability to control it. It could be used as a platform for launching criminal attacks on other, higher-value computers.

It won’t happen to me....really?

Like many of us, you may also think, ‘this won’t happen to me’ or ‘why would they target me’?

Businesses and individuals who are complacent about their security constitute the bread and butter of the organised crime underworld.

Take for instance the security breach at the White House at the end of September 2012, where it was reported that hackers linked to China’s government had broken into a system used by the White House military office, which among other duties supports nuclear command communications.

In recent times there have been a few notable zero day exploits, such as the serious new zero day vulnerability in Internet Explorer (IE) in September 2012. A zero day vulnerability is one that is being exploited, or is publicly known, before the vendor has a fix available; a zero day exploit is the code that takes advantage of it.

The name refers to the defender’s position: the vendor and its customers have had zero days to prepare a patch or a signature before the first attack arrives.

Meeting the Zero Day Challenge

A conventional reactive security stance, based on packet filters and signatures, cannot stop a zero day attack by design: a signature is written from a sample of a known attack, and for a zero day there is no sample yet.

What’s required are two pillars: Application proxy firewalls and a multi-faceted detection strategy, termed ‘intelligent layered security’.

Understanding how these defenses work separately and in concert is the key to understanding how true zero day protection can be achieved.

Application proxy firewalls are designed to recognise good traffic, allow it, and block everything else (a positive security model). Because anything that does not conform to the expected protocol is dropped, this approach blocks whole classes of attacks rather than individual known samples.

To obtain this level of protection, an application proxy firewall doesn't simply look at the packet as it flies by. It terminates the client’s connection, reassembles the application-layer data, parses and validates it against the protocol it expects, and only then opens its own connection to the destination and re-sends the request. It’s called a ‘proxy’ because it handles the connections on behalf of the source and destination machines.

At the endpoints, the session proceeds as though each machine is communicating directly with the other. In fact, each is communicating with the firewall, and the destination never sees the raw bytes the client sent.

More on the proxy firewall

The critical security difference between a packet-based and an application proxy firewall is understood by considering the seven-layer OSI model.

A packet inspection firewall can only take action based on the network and transport headers (layers 3 and 4): addresses, protocol and port numbers. By comparison, an application proxy firewall has the capability to inspect all seven layers and take action based on the topmost (application) layer, where most zero day exploits are delivered, in the body of a request that a port-based rule would wave through.

The intelligent layered security approach allows a firewall to deliver the full zero day protection of an application proxy, with limited impact on network performance.

Depending on the port and protocol, only a few checks are needed for most packets.
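The following is an added example, not code from the original article or from any firewall vendor: it contrasts the layer-3/4 view of a packet filter with a strict, allow-only HTTP check of the kind an application proxy performs, and wires them together in the cheap-checks-first order described above. The rules, thresholds, addresses and sample requests are all constructed for illustration; the proxy check parses only enough of HTTP/1.1 to show the positive security model, and a real proxy would enforce far more.

```python
"""
Added example (not from the original article): a positive-security-model
check in the style of an application proxy, compared with the layer-3/4 view
of a packet filter. All traffic, addresses and limits below are constructed.
"""
import re
from dataclasses import dataclass


# --- Layer 3/4 view: everything a packet filter can act on -----------------
@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str      # "tcp" or "udp"
    payload: bytes  # reassembled application data, opaque to the filter


def packet_filter(pkt: Packet) -> bool:
    """Hypothetical rule: allow TCP to the web server 10.0.0.5 on port 80.
    The payload is never examined, so every HTTP request below passes."""
    return pkt.proto == "tcp" and pkt.dst_ip == "10.0.0.5" and pkt.dst_port == 80


# --- Layer 7 view: what an application proxy enforces ----------------------
ALLOWED_METHODS = {"GET", "HEAD", "POST"}          # allow-list, not deny-list
MAX_HEADER_BYTES = 8192                             # assumed proxy limit
TOKEN = re.compile(rb"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")   # RFC 7230 token chars
TARGET = re.compile(rb"^/[A-Za-z0-9._~/%?&=+-]*$")       # deliberately narrow


def http_proxy_check(payload: bytes) -> tuple[bool, str]:
    """Parse the request strictly and allow only what the grammar permits.
    Returns (allowed, reason); anything unrecognised is rejected."""
    head, sep, body = payload.partition(b"\r\n\r\n")
    if not sep:
        return False, "incomplete header block"
    if len(head) > MAX_HEADER_BYTES:
        return False, "header block too large"
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3:
        return False, "malformed request line"
    method, target, version = parts
    if method.decode("ascii", "replace") not in ALLOWED_METHODS:
        return False, f"method not allowed: {method!r}"
    if not TARGET.match(target):
        return False, "request target outside allowed grammar"
    if version != b"HTTP/1.1":
        return False, f"unsupported version {version!r}"
    headers = {}
    for line in lines[1:]:
        name, colon, value = line.partition(b":")
        if not colon or not TOKEN.match(name):
            return False, f"malformed header line {line!r}"
        key = name.lower()
        if key in headers:
            return False, f"duplicate header {key!r}"
        headers[key] = value.strip()
    if b"host" not in headers:
        return False, "missing Host header"
    if b"content-length" in headers and b"transfer-encoding" in headers:
        return False, "ambiguous framing (Content-Length and Transfer-Encoding)"
    if b"content-length" in headers:
        cl = headers[b"content-length"]
        if not cl.isdigit():
            return False, "non-numeric Content-Length"
        if len(body) != int(cl):
            return False, "body length does not match Content-Length"
    return True, "ok"


# --- Layered dispatch: cheap checks first, deep parsing only where needed ---
def layered_inspect(pkt: Packet) -> tuple[bool, str]:
    """Run the L3/L4 rule on every packet and hand only port-80 TCP to the
    HTTP proxy check, so most packets are decided by the cheap test alone."""
    if not packet_filter(pkt):
        return False, "dropped by packet filter"
    if pkt.proto == "tcp" and pkt.dst_port == 80:
        return http_proxy_check(pkt.payload)
    return True, "allowed by packet filter (no proxy for this protocol)"


# Constructed samples: one clean request and three that a port-80 rule alone
# would accept but a strict proxy rejects without needing a signature.
SAMPLES = {
    "clean": b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "unknown_method": b"DEBUG / HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    "oversized_header": (b"GET / HTTP/1.1\r\nHost: www.example.com\r\nX-Pad: "
                         + b"A" * 9000 + b"\r\n\r\n"),
    "ambiguous_framing": (b"POST /upload HTTP/1.1\r\nHost: www.example.com\r\n"
                          b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
                          b"0\r\n\r\n"),
}


def run_samples() -> dict:
    """Return {name: (packet filter verdict, layered/proxy verdict)}."""
    results = {}
    for name, payload in SAMPLES.items():
        pkt = Packet("203.0.113.7", "10.0.0.5", 80, "tcp", payload)
        results[name] = (packet_filter(pkt), layered_inspect(pkt)[0])
    return results


if __name__ == "__main__":
    for name, (pf, proxy) in run_samples().items():
        print(f"{name:18} packet filter: {'allow' if pf else 'drop':5} "
              f"proxy: {'allow' if proxy else 'drop'}")
```

The point of the comparison is in `run_samples()`: the packet filter allows all four requests because each is TCP to port 80, while the proxy rejects three of them for violating the protocol grammar rather than for matching any known attack. That is what makes the approach useful against a zero day: the oversized header and the ambiguous framing are dropped on the day they first appear, with no signature update.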

While there is no generic, automated cleanup procedure for a zero day compromise, the best defence against such attacks is preparation: regularly testing systems with the Metasploit Framework (an open source exploitation toolkit that exercises known vulnerabilities, and so validates patching and firewall policy rather than the unknown zero day itself) and deploying application proxy firewalls with intelligent layered security.
