Unknown Attacks: A Clear and Growing Danger

Secure Computing
By: Secure Computing
Published: Jun 05, 2006
Length: 7
Type: White Paper
Overview:

Unknown attacks are quickly becoming the next great information security challenge for today's organizations. As the window of time between the disclosure of a new vulnerability and the emergence of unique threats that operate against it continues to diminish, so does the effectiveness of many conventional countermeasures, including patch management.

This paper explores the details of this growing danger and subsequently provides an evaluation of the various technologies available to counter the risk it introduces.

Browse Related Categories: Application Security, Firewalls, Hacker Detection, Internet Security, Intrusion Detection, Intrusion Prevention, Network Security, Network Security Appliance, Patch Management, Security, Security Management, Web Service Security
 
Unknown attacks: a clear and growing danger

Unknown attacks are quickly becoming the next great information security challenge for today's organizations. As the window of time between the disclosure of a new vulnerability and the emergence of unique threats that operate against it continues to diminish, so does the effectiveness of many conventional countermeasures, including patch management. This paper explores the details of this growing danger and subsequently provides an evaluation of the various technologies available to counter the risk it introduces.

Establishing a common language

A seemingly insignificant yet all-too-common obstacle for organizations trying to achieve an effective information security solution is the inconsistent usage of related terminology. For example, what is the difference between a threat, an exploit, and an attack? Thus, the following clarifications and definitions are offered to help alleviate any confusion, at least for the duration of this discussion.

Vulnerability

This is a flaw/weakness in the code of any program (e.g., application, operating system) that presents an opportunity to force the program or its underlying system to conduct unintended, often malicious, actions. For example, the familiar Zotob worm from August 2005 exploited a buffer overflow vulnerability in the Microsoft operating system's Plug-and-Play service that enables a remote attacker to gain complete control of the affected system.

Exploit

In many cases the term "exploit" is used interchangeably with "threat." However, "exploit" technically refers only to the specific component of a threat that takes advantage of a vulnerability, as opposed to the other components of a threat (e.g., propagation mechanisms to help it spread, or the actual payload). As with Zotob, exploit code was released on 11 August, only two days after the announcement of the vulnerability (MS05-039); whereas the first worm using this code appeared three days after that, on 14 August, at which point susceptible targets were at imminent risk.

Threat

Not unlike the term "vulnerability," the meaning of "threat" also varies somewhat with context. For example, during high-level risk management discussions, threats are general categories of "bad things" that can happen (e.g., theft of data, disruption of services). More commonly however, and in any case for this discussion, it is intended to refer to the specific agent that operates against any given vulnerability. With the Zotob example, the threat in this case is the Zotob worm itself, as well as each unique variant that was subsequently spawned. Indeed, it is also important to recognize that there is not necessarily a one-to-one relationship between threats and vulnerabilities. For example, by August 19, 2005 there were at least […] variants of Zotob, as well as 5 other worms operating against the MS05-039 vulnerability. Furthermore, one of these threats, Rbot, actually incorporated exploit code that enabled it to operate against other vulnerabilities as well.

Countermeasure/safeguard/control

A mechanism (e.g., procedure, specific configuration, or program) that either eliminates a vulnerability or otherwise reduces the potential for it to be exploited. For example, with Zotob one countermeasure that could have been employed would be to install the available patch on affected systems.

Attack and Unknown Attack

First, an attack is defined as the occurrence of an organization being actively subjected to a threat. In other words, the presence of a threat "in the wild" does not constitute an attack. It is only when the threat operates against a specific target that the associated organization is considered to be "under attack." An "unknown attack" then is one where the organization's countermeasures are not able to identify the threat it is exposed to. For example, if an organization was confronted with a variant of Zotob before its intrusion detection/prevention systems received applicable signature updates, then this would be characterized as an unknown attack (assuming that no other installed countermeasures could identify it either). It is important to realize that just because an attack is unknown does not mean that an organization is vulnerable to it or that it is unable to protect itself against it.