Experts warn of surge in zero-day flaws

The report advises implementation of a "least privilege" environment to reduce the impact of such attacks.

Marco Peretti, chief technical officer at security firm BeyondTrust, agreed with the findings of the Sans Institute, urging users to follow the "principle of least privilege" in setting user access controls, permissions and rights.

Peretti also suggested restricting or limiting the use of active code such as JavaScript or ActiveX in browsers.

Companies using Microsoft's Active Directory should take maximum advantage of Group Policy Objects to control user access, and should not rely on antivirus protection alone since zero-day attacks are often not detectable until new signatures are released.

"A zero-day vulnerability is a known flaw in software that does not have a patch available," said Marc Sachs, director of the Sans Internet Storm Center.

"In 2006 we have seen a significant rise in attacks that take advantage of zero-day vulnerabilities, leaving a user or system unable to defend against the attack since no patch is available."

This type of application-level attack is very hard to prevent with traditional flow-based schemes such as intrusion detection systems and firewalls.

Likewise, consumer-oriented security solutions such as antivirus software cannot usually detect the initial outbreak of a zero-day exploit attack.

"When users and applications are given more privileges than necessary, organisations expose themselves to threats such as malware and data theft no matter what defence they have in place," warned Peretti.

"A huge security problem that Windows enterprises face is that many users must be given administrative privileges in order to run required applications.

"However, as we have seen, administrative privileges are easily exploited by zero-day threats and malicious users. So you have to ask yourself if you trust your existing security defences."

Copyright ©v3.co.uk

dayflawssecuritysurgezerozeroday