Patching is an established routine for most organizations. IT directors and network administrators know that it is necessary to patch systems and applications on a regular basis to protect their networks against vulnerabilities.
Zero-day exploits -- so named because there is no notice between the discovery of the vulnerability and the discovery of an active exploit of it in the wild -- can take networks by surprise and wreak havoc on the enterprise. There are some fundamental steps you can take to proactively protect the network and minimize the potential for a zero-day exploit to affect your enterprise.
- Guard the perimeter. The concept of the network perimeter has eroded over time with the spread of wireless networking and mobile devices. It is increasingly hard to define which devices are inside the network perimeter and which are outside. Even so, the perimeter should still be protected by a firewall.
The firewall should block unnecessary and unauthorized traffic from entering the network. Construct firewall rules and policies that allow the flow of business operations without reducing overall network security more than necessary. The exposure created by mobile and wireless devices can be reduced by allowing them to reach internal network resources only through an encrypted VPN tunnel.
- Patch and protect. By definition, if the threat is a zero-day exploit, no patch yet exists for that specific threat. However, an effective, timely process for evaluating and deploying patches is still a key to overall network security. It is also important to run an up-to-date antivirus program. Even though the specific threat may not yet be defined, antivirus software can often detect unknown threats through heuristic detection, which provides at least some level of protection.
- Rapid response. In a best-case scenario, your proactive security would be enough to protect against zero-day exploits impacting your network. The potential, however, still exists for a zero-day exploit to infiltrate your network undetected. If you have a well-configured intrusion detection or intrusion prevention system (IDS/IPS) in place, you'll be able to detect and act on any suspicious or anomalous activity. Regardless of how you are notified of a threat to your network, have well-defined policies and procedures for incident response, including clear steps for executing them as well as established roles and responsibilities.
- Contain the threat. One final part of minimizing the impact of a zero-day exploit on your network is to have some means of containing the threat so it is unable to spread and cause more damage throughout your network. By using virtual LANs (VLANs) or other methods of segregating network traffic, you can limit the damage to a specific LAN segment and contain the threat before it spreads to the rest of the enterprise.
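The "guard the perimeter" and "contain the threat" points above, expressed as one nftables ruleset. This is an added example, not configuration from the article: the interface names, VLAN ids, subnets and the WireGuard port are all assumed for illustration, and the gateway is assumed to be a Linux router terminating the VPN.

```nftables
#!/usr/sbin/nft -f
# Added example (not from the article). Assumed topology:
#   eth0    = Internet-facing interface (the perimeter)
#   eth1.10 = VLAN 10, internal servers      (10.0.10.0/24)
#   eth1.20 = VLAN 20, wireless/mobile users (10.0.20.0/24)
#   wg0     = WireGuard VPN tunnel interface (10.0.99.0/24), UDP/51820
# All names, addresses and the port number are constructed for this example.

flush ruleset

table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;   # default deny

        iif lo accept
        ct state established,related accept
        ct state invalid drop

        # The VPN handshake is the only service exposed at the perimeter
        # and the only way wireless/mobile clients may reach the gateway.
        iifname { "eth0", "eth1.20" } udp dport 51820 accept

        # Gateway management only from the server VLAN.
        iifname "eth1.10" tcp dport 22 accept

        # Everything else that reaches the gateway is logged, then dropped by policy.
        limit rate 10/minute log prefix "fw-input-drop: "
    }

    chain forward {
        type filter hook forward priority 0; policy drop;   # default deny

        ct state established,related accept
        ct state invalid drop

        # Wireless/mobile clients reach internal resources only via the tunnel.
        iifname "wg0" oifname "eth1.10" accept

        # Server VLAN may initiate outbound connections to the Internet.
        iifname "eth1.10" oifname "eth0" accept

        # Wireless VLAN gets Internet access but never a direct path into VLAN 10,
        # so a compromised wireless host cannot spread laterally into the servers.
        iifname "eth1.20" oifname "eth0" accept

        # Anything else (e.g. eth1.20 -> eth1.10) is logged and falls to the drop policy.
        limit rate 10/minute log prefix "fw-forward-drop: "
    }
}
```

Load it with `nft -f` and watch the `fw-input-drop` / `fw-forward-drop` log prefixes: unexpected hits on the forward chain from VLAN 20 are exactly the lateral-movement attempts the "contain the threat" step is meant to stop. Services the wireless VLAN legitimately needs from the gateway itself (DHCP, DNS) would need their own accept rules in the input chain.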
About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is recognized by Microsoft as an MVP in Windows Security, and he is the About.com Guide for Internet / Network Security, providing a broad range of security tips, advice and reviews. Bradley is co-author of Hacker's Challenge 3 and author of Essential Computer Security. He contributes frequently to other industry publications. For a complete list of his freelance contributions, visit S3KUR3.com.