Introduction
Zero day, or zero hour, threats are threats that exploit new or previously unknown vulnerabilities in computer applications. The attack therefore occurs within zero days or zero hours of anyone becoming aware of the vulnerability's existence. The developers of the threat exploit vulnerabilities that are unknown to the developers of the targeted software. These threats are, unfortunately, difficult to analyze, since no data about them is available until after the attack. In addition, owing to the rarity of their occurrence, observing them in honeypots or in laboratory experiments is highly unlikely. Zero day threats pass through signature-based defenses undetected and, as such, are an increasing threat to corporate organizations’ network systems.
Most detection systems rely on signatures when building their protection packages. Signatures are the identifying units of the computer code used to launch attacks. While signature-based protection is an important element of cyber safety, it is ill equipped to handle zero day attacks. After a zero day attack is released, security companies relying on signatures are in a race to sample the threat, build a signature against it, test it, and finally distribute it. The period between the release of the threat and the installation of the protective signature by end users is the window of vulnerability.
In the majority of cases, zero day attacks are managed only after they have been identified in systems. However, there are more advanced approaches to managing zero day attacks that promise improved protection and minimal propagation of the threat. One such approach is the ‘unknown vulnerability management process’, which involves the following four phases:
- Threat analysis, which involves attack surface analysis
- Fuzz testing of the attack vectors
- Reporting of the identified issues to the developers
- Mitigation of the problem
Some of the most recently identified zero day attacks include:
- Adobe zero day attacks, discovered in February this year, targeting a security hole in the Adobe Reader and Acrobat products.
- A Microsoft Internet Explorer zero day exploit, discovered in January this year, which could allow attackers to gain control of Windows computers and host malicious websites on them.
There are remedies for these attacks, such as:
- The application proxy firewall, which works in the opposite manner to the packet filter. While the packet filter inspects packets and filters out known-bad sequences of packets, the application proxy is designed to recognize good traffic and lock everything else out. Zero day threats have a higher probability of being detected when this kind of filter is used.
- Multi-faceted, or intelligently layered, security ensures that packets are assessed at several levels of security screening before being forwarded to the user network.
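To make the contrast between a signature-based packet filter and an application proxy concrete, and to show the window of vulnerability described earlier, here is an added example in Python. It is written for this edit and is not code from the original essay. A deny-list filter driven by attack signatures is run side by side with a positive-model proxy that admits only requests matching a small allow-list. The requests, signatures and allow-list rules are all constructed for the illustration, and the names `Request`, `signature_filter`, `proxy_filter` and `evaluate` are chosen here.

```python
"""Signature (deny-list) filter vs. application proxy (allow-list), as an
added illustration. Requests, signatures and rules are constructed samples."""
import re
from dataclasses import dataclass
from urllib.parse import parse_qsl, urlsplit


@dataclass
class Request:
    method: str
    url: str
    body: str = ""


# Deny-list: signatures for attack patterns a vendor has already sampled.
# Anything not on this list is, by construction, invisible to the filter.
SIGNATURES = [
    re.compile(r"\.\./"),          # directory traversal sequence
    re.compile(r"<script", re.I),  # script injection marker
]


def signature_filter(req: Request) -> bool:
    """Return True if the request is allowed (no known signature matched)."""
    haystack = req.url + "\n" + req.body
    return not any(sig.search(haystack) for sig in SIGNATURES)


# Allow-list: the only method/path combinations and parameter shapes the
# proxy has been told are good traffic for this (constructed) application.
ALLOWED = {
    ("GET", "/search"): {"q": re.compile(r"^[\w\s]{1,64}$")},
    ("POST", "/login"): {
        "user": re.compile(r"^[a-z0-9_]{3,32}$"),
        "pass": re.compile(r"^.{8,128}$"),
    },
}


def proxy_filter(req: Request) -> bool:
    """Return True only if method, path and every parameter match the allow-list."""
    parts = urlsplit(req.url)
    rules = ALLOWED.get((req.method, parts.path))
    if rules is None:
        return False  # unknown endpoint: default deny
    params = dict(parse_qsl(parts.query, keep_blank_values=True))
    if req.method == "POST":
        params.update(parse_qsl(req.body, keep_blank_values=True))
    if set(params) != set(rules):
        return False  # missing or unexpected parameter: default deny
    return all(rules[name].fullmatch(value) for name, value in params.items())


# Constructed sample traffic: a normal search, a request matching a known
# signature, a previously unseen request shape, and a normal login.
SAMPLE = [
    Request("GET", "/search?q=zero%20day"),
    Request("GET", "/files?name=../../config"),
    Request("GET", "/search?q=report&debug=1"),
    Request("POST", "/login", "user=alice&pass=correct-horse"),
]


def evaluate(reqs):
    """Return (url, passes_signature_filter, passes_proxy) for each request."""
    return [(r.url, signature_filter(r), proxy_filter(r)) for r in reqs]


if __name__ == "__main__":
    for url, sig_ok, proxy_ok in evaluate(SAMPLE):
        print(f"{url:40} signature={'pass' if sig_ok else 'BLOCK':5} "
              f"proxy={'pass' if proxy_ok else 'BLOCK'}")
```

The third sample request carries a parameter the application never uses. The signature filter passes it, because nothing in its deny-list describes it; that is exactly the gap a new threat sits in until a signature is written, tested and distributed. The proxy blocks it without knowing anything about the threat, simply because the request does not look like the good traffic it was configured to recognize.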