Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-IDS
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Definition of Zero Day Protection

from [Stephen P. Berry] Network Security [Permanent Link]
Subject: Re: Definition of Zero Day Protection
Date: Thu, 12 Aug 2004 16:14:45 -0700 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


David Maynor writes:


Generic methods for 0day protection, like hooking functions called
by shellcode, will always fail.


Well, any generic method someone is trying to sell you will always fail.
Here's a generic method that prevents zero-day exploits (for just about
any value of `zero-day'):

        -Deny all

The upgraded version of this strategy (where `upgrade' here is defined
in the marketing sense of `more useable, more broken'):

        -Default deny all
        -Permit only what is known good
        -When you're architecting the points of exposure first think
         about containment.  Then give some thought to containment.  Finally,
         worry about containment

In other words, a successful `zero-day' protection strategy really looks
an awful lot like a successful infosec strategy in general:  rely on
what you've designed into the system, not what you're expecting some
vendor to miracle into it after it's deployed.




- -spb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (OpenBSD)

iD8DBQFBG/nKG3kIaxeRZl8RAlnKAJ4+FWjwbOUXYx2y5CxzSpd39RNkQgCfZSOu
3OFjSMTmmtC1X1gF9UfscSY=
=p5wb
-----END PGP SIGNATURE-----

--------------------------------------------------------------------------
Test Your IDS

Is your IDS deployed correctly?
Find out quickly and easily by testing it with real-world attacks from CORE
IMPACT.
Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to 
learn more.
--------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  A Network IPS Proposal (was Definition of Zero Day Protection), Shaiful
Next by Date:  Top Layer Attack Mitigator - Experience?, Michael McDonough
Previous by Thread:  Re: Definition of Zero Day Protection, David Maynor
Next by Thread:  Re: Definition of Zero Day Protection, Martin Roesch
Indexes:  [Date] [Thread] [Top] [All Lists]