IDS mailing list archives
Re: Definition of Zero Day Protection
From: "Stephen P. Berry" <spb () meshuggeneh net>
Date: Thu, 12 Aug 2004 16:14:45 -0700
David Maynor writes:

> Generic methods for 0day protection, like hooking functions called by shellcode, will always fail.

Well, any generic method someone is trying to sell you will always fail.

Here's a generic method that prevents zero-day exploits (for just about any value of `zero-day'):

-Deny all

The upgraded version of this strategy (where `upgrade' here is defined in the marketing sense of `more useable, more broken'):

-Default deny all
-Permit only what is known good
-When you're architecting the points of exposure first think about containment. Then give some thought to containment. Finally, worry about containment

In other words, a successful `zero-day' protection strategy really looks an awful lot like a successful infosec strategy in general: rely on what you've designed into the system, not what you're expecting some vendor to miracle into it after it's deployed.

-spb