Posted Date: 7/2/2010
Is Tomorrow A Zero Day?
By Ben Halpert
By now, you have probably heard about Operation Aurora. It was a cyber attack launched between mid-2009 and December 2009 against large corporate targets. Among those targets were Google, Rackspace, Juniper Networks, Adobe Systems, Symantec, and many others.
In a blog posting on Jan. 12, 2010, Google revealed that it had traced the source of the attack to China, and, as a result, that it would no longer cooperate with the Chinese government by providing censored search results. The result? An international incident, replete with allegations and counter-allegations about whether Google's actions amounted to a United States government conspiracy.
What's scarier than the concept of Google leading an alleged U.S. conspiracy against China?
The cyber attack itself, of course.
Here's how it worked: To compromise end-user systems, the cyber attack leveraged a zero-day vulnerability in Microsoft Internet Explorer. The compromised end-user systems were then used as the launching point for searching company intranets for valuable information. In this context, a zero-day vulnerability is one that is already known to attackers (and possibly being exploited) while the affected software developer has not yet made a fix available to protect affected systems.
How can you protect your organizational assets from zero-day vulnerabilities?
As a mitigation, your organization can employ techniques for controlling the end-user computing environment. While this is by no means an exhaustive list of steps to take to control the end-user environment, it can serve as a starting point for discussions.
- Make sure you have a good inventory of organizational IT assets, both hardware and software.
- Remove end-user administrative access to their systems.
- Ensure a vulnerability management platform is employed.
- Create standard device images that are approved for use in the organization.
- Deploy a white-listing capability based on your standard images.
Whitelisting allows only approved software to run on specified devices. Because it blocks anything not on the approved list, it does not depend on a vendor patch or on the attack being recognized in advance, which is what makes it relevant to zero-day exploits. There are several solutions available, from built-in operating system components, such as AppLocker on Windows, to various third-party solutions from Bit9, Faronics, and McAfee, among many others.
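The following PowerShell script is an added example, not code from the article or from any of the vendors it names. It ties the last three steps above together on Windows: inventory the software that a machine built from the approved standard image actually contains, turn that inventory into an AppLocker allow-list, deploy it in audit-only mode, review what would have been blocked, and only then enforce. It assumes a Windows edition that includes AppLocker, the Application Identity service running, and an elevated session; every file path in it is a placeholder.

```powershell
<#
  Added example, not part of the original article: build an AppLocker allow-list
  from a machine deployed with the organization's approved standard image, roll it
  out in audit-only mode, review what it would have blocked, then enforce it.
  Assumptions: a Windows edition with AppLocker, the Application Identity service
  (AppIDSvc) running, and an elevated PowerShell session. All paths are placeholders.
#>

$policyDir   = 'C:\AppLockerPolicy'          # placeholder output location
$auditPath   = Join-Path $policyDir 'std-image-audit.xml'
$enforcePath = Join-Path $policyDir 'std-image-enforce.xml'
New-Item -ItemType Directory -Path $policyDir -Force | Out-Null

# 1. Inventory what the standard image actually ships: executables, installers and
#    scripts under the OS and program directories. DLL rules are left out here because
#    they add noticeable overhead and are normally introduced as a second phase.
$imageDirs = 'C:\Windows', 'C:\Program Files', 'C:\Program Files (x86)'
$fileInfo = foreach ($dir in $imageDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse -FileType Exe, Script, WindowsInstaller
}

# 2. Generate rules from that inventory. Publisher rules (based on the code-signing
#    certificate) survive vendor updates; hash rules cover unsigned binaries but must be
#    regenerated whenever the file changes. -Optimize collapses redundant rules.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -RuleNamePrefix 'StdImage' -Optimize -Xml

# 3. Start in audit-only mode so nothing is blocked yet; the AppLocker event log
#    records what enforcement would have denied.
$xml = [xml]$policyXml
foreach ($collection in $xml.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'AuditOnly'
}
$xml.Save($auditPath)
Set-AppLockerPolicy -XmlPolicy $auditPath

# 4. After a pilot period, list the files that would have been blocked (event 8003 in
#    the "EXE and DLL" log, 8006 in the "MSI and Script" log). Anything legitimate here
#    is a gap in the standard image or the inventory and needs a rule, not a local exception.
$wouldBlock = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-AppLocker/EXE and DLL', 'Microsoft-Windows-AppLocker/MSI and Script'
    Id      = 8003, 8006
} -ErrorAction SilentlyContinue
$wouldBlock | Select-Object TimeCreated, Id, Message | Format-Table -Wrap

# 5. Check a specific file against the policy without executing it, for example an
#    unsigned download (placeholder path). PolicyDecision is Allowed, Denied or DeniedByDefault.
Test-AppLockerPolicy -XmlPolicy $auditPath -User Everyone `
    -Path 'C:\Users\alice\Downloads\unknown-tool.exe' | Select-Object FilePath, PolicyDecision

# 6. Switch to enforcement once the audit log shows only software that should be blocked.
foreach ($collection in $xml.AppLockerPolicy.RuleCollection) {
    $collection.EnforcementMode = 'Enabled'
}
$xml.Save($enforcePath)
Set-AppLockerPolicy -XmlPolicy $enforcePath

# Record what is actually in effect (local policy merged with any domain Group Policy).
Get-AppLockerPolicy -Effective -Xml | Out-File (Join-Path $policyDir 'effective.xml')
```

Run the inventory and rule-generation steps on a clean machine that was deployed from the standard image rather than on a user's workstation, so that the allow-list describes the approved build and nothing that has drifted since. In an organization the resulting XML is normally imported into a Group Policy Object and staged to a pilot group before the enforcement mode is changed; the audit phase is what keeps an incomplete inventory from turning into a self-inflicted outage.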
Zero-day vulnerabilities will be a reality for as long as we use software as a productivity tool in the workplace (so add zero-days to death and taxes). If you are not controlling the end-user work environment, then you are leaving your organizational assets open to compromise from the unknown cyber attacks of tomorrow.