
| Subject: | RE: Definition of Zero Day Protection |
|---|---|
| Date: | Mon, 9 Aug 2004 13:18:32 -0400 |
I doubt there's a single definition with any kind of official blessing from a standards group of any sort. I would consider it to be the ability of an application or inline system to detect a buffer or heap overflow, format string attack, or something similar...and stop it...without having the ability to precisely recognize it. The last part is the key; it doesn't have to know WHICH one it is, but rather recognize it as an attack based upon a characteristic (like a huge sequence of NOPs) that would be common to most or all such attacks, without regard to whether or not the vulnerability it exploited was previously known or not. Of course, it would be nice from an alerting standpoint to know which attack it was, if it already was a known one, but that's not part of the 'zero day' concept.
-----Original Message-----
From: Teicher, Mark (Mark) [mailto:teicher@avaya.com]
Sent: Sunday, August 08, 2004 9:48 PM
To: focus-ids@securityfocus.com
Cc: Seanor, Joseph (Joe)
Subject: Definition of Zero Day Protection

What is Zero Day Protection, I think I understand the definition of Zero Day Exploits. But what is Zero Day Protection? Another marketing blurb or can vendors actually offer zero day protection?

Thank you for clarifying my confusion

/m
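
The reply above describes recognizing an attack by a shared characteristic, such as a huge sequence of NOPs, rather than by a per-exploit signature. The following is an added example, not code from the thread or from any product: the function names, the 32-byte threshold, and the sample payloads are all assumptions constructed for illustration.

```python
# Added illustration: flag payloads by a generic trait (a long run of x86 NOP
# bytes) instead of matching a signature for one specific, known exploit.
NOP = 0x90          # single-byte x86 NOP opcode
MIN_SLED_LEN = 32   # assumed threshold; would need tuning against real traffic


def longest_nop_run(payload):
    """Return (offset, length) of the longest run of NOP bytes in payload.

    Returns (-1, 0) when the payload contains no NOP byte at all.
    """
    best_off, best_len = -1, 0
    run_off, run_len = 0, 0
    for i, b in enumerate(payload):
        if b == NOP:
            if run_len == 0:
                run_off = i          # a new run starts here
            run_len += 1
            if run_len > best_len:
                best_off, best_len = run_off, run_len
        else:
            run_len = 0              # run broken by a non-NOP byte
    return best_off, best_len


def classify(payload, min_len=MIN_SLED_LEN):
    """Alert when the longest NOP run reaches min_len bytes."""
    off, length = longest_nop_run(payload)
    return {"alert": length >= min_len, "offset": off, "length": length}


# Constructed sample inputs (not captured traffic). The trailing 0xCC bytes
# are inert filler standing in for whatever would follow a sled.
SAMPLES = {
    "plain_http": b"GET /index.html HTTP/1.0\r\nHost: example.test\r\n\r\n",
    "short_padding": b"HDR" + bytes([NOP]) * 4 + b"DATA",
    "sled_like": b"USER " + b"A" * 16 + bytes([NOP]) * 200 + b"\xcc" * 8,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(name, classify(data))
```

The detector never needs to know which vulnerability is being targeted, which is the property the reply calls the key; the same generality means it can also fire on benign binary data that happens to contain long 0x90 padding.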