
What are the areas or technologies to focus on to protect users and devices?

Are patching, antivirus and firewalls still the main areas?

How do you defend against attacks against vulnerabilities that have no patch?

Scott Pack
Sim

5 Answers

9

User education & training is huge. Get the users to help you play good defense.

I always like to see the security programs that award spot bonuses to employees for challenging a person in a secured area without a badge. You can be creative and extend this idea to phishing attacks, pretexting, etc; for example, send out a mock phishing attack and reward employees for calling it out and not falling for it.

Keeping up to date on patches is key - Secunia Personal Software Inspector rocks.

Tate Hansen
  • The new beta of Secunia PSI is great. – Sim Nov 21 '10 at 11:06
  • User education is important but how do you protect against vulnerabilities that don't have a patch but are being actively exploited, and require little or no user interaction to work? – Sim Dec 10 '10 at 01:29
  • 1
    As Bruce Schneier says, if you ask ameteurs to be your guards, dont be surprised when you get ameteur security. What I think user education **is** good for though, is to avoid the situations where users can easily subvert any defense you put in place. That is, if you're trying to protect users, they can always turn your defense into swiss cheese - dont forget the dancing pigs. You need them to play along and not try to get around your defense, basically its about teaching them NOT to click for dancing pigs. – AviD Dec 15 '10 at 10:55
5

No. Secure coding is the main area. A patching and secure update system is important for feature upgrade, quality, metrics, and security reasons -- it may be a strong requirement for many end-user devices in addition to secure coding.

I avoid using and recommending firewalls and anti-virus agents at all costs. They make you less secure, and not just because they provide a false sense of security. They are accident prone, insecure ruses.

atdre
  • 1
    How do you protect against vulnerabilities that don't have a patch but are being actively exploited? How do you mitigate against code that you can't change? – Sim Dec 10 '10 at 01:27
2

Sim - in addition to the good points Tate and atdre make, there are mitigating controls to defend against zero-days. The main one is a strong security architecture. Please see this question for further answers.

Rory Alsop
2

It may be obvious, but another key consideration in mitigating the threat of zero-day vulnerabilities is simply reducing the attack surface area.

Java-based drive-by downloads, for instance, aren't a threat if users who don't need the JRE don't have it installed or enabled in their browsers. Eliminating applications, features, and services that users don't need will eliminate attack vectors that malware would otherwise try to take advantage of.

I hope this helps,

-Xander

Xander
0

Patching, patching, and patching. Pattern-based AV is increasingly ineffective and firewalls are much less relevant these days as virtually everything is HTTP.

  • What about protection against vulnerabilities that don't have a patch but are being actively exploited? – Sim Nov 18 '10 at 21:53
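The two recurring threads in the answers above (keep software patched, and remove what a user does not need so a vulnerability with no patch has nothing to hit) can be combined into one per-workstation audit. The script below is an added example, not code from any of the answerers or from Secunia PSI; it does the same kind of version comparison a patch-status scanner does, then applies a per-role allowlist to decide between "update", "remove or disable" and "mitigate until a fix ships", which is the distinction Sim keeps asking about. The inventory, advisory feed, role allowlists, product names and version numbers are all constructed for illustration and are not real advisories.

```python
"""Patch-status and attack-surface audit for one workstation.

Added example; assumptions (all constructed, not real data):
- INVENTORY: installed software on the host, name -> vendor version string.
- ADVISORIES: a constructed advisory feed. fixed_version=None means the vendor
  has not shipped a fix yet (a zero-day in the sense used in the thread above).
- REQUIRED_BY_ROLE: per-role allowlist of software the user actually needs.
"""
import re

INVENTORY = {
    "Java JRE": "1.6.0_22",
    "Adobe Reader": "9.4.0",
    "Firefox": "3.6.12",
    "7-Zip": "9.20",
}

ADVISORIES = [  # constructed feed; version numbers are illustrative only
    {"software": "Java JRE", "fixed_version": "1.6.0_23", "actively_exploited": True},
    {"software": "Adobe Reader", "fixed_version": None, "actively_exploited": True},
    {"software": "Firefox", "fixed_version": "3.6.12", "actively_exploited": False},
]

REQUIRED_BY_ROLE = {
    "accounting": {"Adobe Reader", "Firefox"},
    "developer": {"Java JRE", "Firefox"},
}


def parse_version(version):
    """Turn a vendor version string into a tuple that compares correctly.

    Digit runs become integers and letter runs stay strings, so '1.6.0_22' sorts
    below '1.6.0_23' and '7.0.1' above '7.0'. Each part is tagged (0, int) or
    (1, str) so mixed numeric/alpha parts never raise TypeError on comparison.
    """
    parts = re.findall(r"\d+|[A-Za-z]+", version)
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)


def version_below(installed, fixed):
    """True when the installed build predates the version carrying the fix."""
    return parse_version(installed) < parse_version(fixed)


def audit(inventory, advisories, required):
    """Return one finding per installed product, most urgent first.

    Decision order: software the role does not need is removed regardless of
    patch state (that eliminates the vector); needed software gets updated if a
    fix exists; needed software with no fix gets mitigating controls.
    """
    by_name = {adv["software"]: adv for adv in advisories}
    findings = []
    for name, installed in sorted(inventory.items()):
        adv = by_name.get(name)
        fixed = adv["fixed_version"] if adv else None
        exploited = adv["actively_exploited"] if adv else False

        if adv is None:
            status = "no open advisory"
        elif fixed is not None and not version_below(installed, fixed):
            status = "patched"
        elif fixed is not None:
            status = "vulnerable, fix available"
        else:
            status = "vulnerable, no fix"

        if name not in required:
            action = "remove or disable (not required for this role)"
        elif status == "vulnerable, fix available":
            action = f"update to {fixed}"
        elif status == "vulnerable, no fix":
            action = "mitigate (disable vulnerable feature, restrict exposure) until a fix ships"
        else:
            action = "none"

        findings.append({"software": name, "installed": installed, "status": status,
                         "actively_exploited": exploited, "action": action})

    # Actively exploited issues first, then anything needing action, then the rest.
    findings.sort(key=lambda f: (not f["actively_exploited"], f["action"] == "none", f["software"]))
    return findings


if __name__ == "__main__":
    for role, required in REQUIRED_BY_ROLE.items():
        print(f"== role: {role} ==")
        for f in audit(INVENTORY, ADVISORIES, required):
            flag = "EXPLOITED " if f["actively_exploited"] else ""
            print(f"{flag}{f['software']} {f['installed']}: {f['status']} -> {f['action']}")
```

Run it as-is and the accounting role gets told to remove the JRE even though a patch exists (nobody in that role needs it), while the developer role, which does, gets the update instead; the unpatched reader with no fix is the one case left for mitigating controls. Replace the constructed dictionaries with output from your real inventory and vendor advisory sources to use it on actual hosts.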