Dailydave mailing list archives

Re: How do I defend against 0day?


From: Ron Gula <rgula () tenablesecurity com>
Date: Mon, 20 Apr 2009 11:04:45 -0400

Your two main questions:

One, how do I put up a reasonable defense against 0day vulnerabilities?

The short answer is to minimize complexity and then expect it to break.

You need to minimize your overall attack surface and then look for
failures. If you've already gone through everything on your network
and you know it has been patched, configured correctly and is supposed
to be there, then the next thing you need to ask yourself is what to
expect when these services that you depend on get popped by a zero day.
If you assume that some of your key services will get popped by a zero
day, you might make changes in your architecture to minimize the effect
of a compromise.

Two, how does purchasing a bunch of 0day from Immunity help me reach
that goal?

Some of the zero-days that you don't know about will be covered by the
Immunity feed. If you pen test with these zero-days that are not in
the general public, you can test your systems to see how they react.
Hopefully you will find that your admins, help desk, NIDS, SIM, etc.
see something that alerts you to the presence of a compromised system.

Ron Gula
Tenable Network Security
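One concrete form of "know what is supposed to be there, then look for failures" is to keep a per-host baseline of the listeners and outbound connections you expect and flag anything observed that is not on it. The script below is an added example written for this thread; it is not code from Tenable, Immunity, or the poster. The hostnames, ports, process names and log lines are constructed, and the log format is an assumed one (what a host agent or flow export might emit), not any real product's output.

```python
"""Compare observed listeners and outbound connections against a baseline of
what each host is supposed to expose and talk to.  Added example; baseline,
log format and all values are constructed."""
import re
from dataclasses import dataclass

# Constructed baseline: the only listeners and outbound peers each host should have.
BASELINE = {
    "web01": {"listen": {80, 443, 22}, "outbound": {("db01", 5432)}},
    "db01":  {"listen": {5432, 22},    "outbound": set()},
}

# Constructed observation log in an assumed "<host> <LISTEN|CONNECT> tcp <dst> proc=<name>" format.
LOG = """\
web01 LISTEN tcp :80 proc=nginx
web01 LISTEN tcp :443 proc=nginx
web01 LISTEN tcp :22 proc=sshd
web01 CONNECT tcp db01:5432 proc=php-fpm
web01 LISTEN tcp :4444 proc=sh
web01 CONNECT tcp 198.51.100.7:443 proc=sh
db01 LISTEN tcp :5432 proc=postgres
db01 LISTEN tcp :22 proc=sshd
db01 CONNECT tcp 203.0.113.9:53 proc=postgres
"""

LINE_RE = re.compile(
    r"^(?P<host>\S+) (?P<kind>LISTEN|CONNECT) tcp (?P<dst>\S+) proc=(?P<proc>\S+)$"
)


@dataclass(frozen=True)
class Finding:
    host: str
    kind: str    # unexpected-listener | unexpected-outbound | unknown-host
    detail: str  # the listener or destination that was not in the baseline
    proc: str


def parse(log):
    """Turn log text into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append(m.groupdict())
    return events


def audit(log, baseline=BASELINE):
    """Return every observed listener or outbound connection absent from the baseline."""
    findings = []
    for ev in parse(log):
        host = ev["host"]
        expected = baseline.get(host)
        if expected is None:
            # A host that is not in the inventory at all is itself a finding.
            findings.append(Finding(host, "unknown-host", ev["dst"], ev["proc"]))
            continue
        if ev["kind"] == "LISTEN":
            port = int(ev["dst"].rsplit(":", 1)[1])
            if port not in expected["listen"]:
                findings.append(Finding(host, "unexpected-listener", ev["dst"], ev["proc"]))
        else:
            dhost, dport = ev["dst"].rsplit(":", 1)
            if (dhost, int(dport)) not in expected["outbound"]:
                findings.append(Finding(host, "unexpected-outbound", ev["dst"], ev["proc"]))
    return findings


if __name__ == "__main__":
    for f in audit(LOG):
        print(f"{f.host}: {f.kind} {f.detail} (proc={f.proc})")
```

Run against the constructed log it reports three deviations: a listener on web01 that the baseline does not include, an outbound connection from web01 to a peer it should never talk to, and an outbound connection from db01, which the baseline says should initiate none. The point is the one the post makes: once the inventory is known, a compromised service tends to show up as a failure against it, regardless of which bug got it there.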


