Sans Institute urges 'least privilege environment' to beat attacks
vnunet.com, 20 Nov 2006
Security experts at the Sans Institute warned last week of a major surge in zero-day flaws as part of its 2006 update to the Top 20 Internet Security Attack Targets list.
The report advises implementation of a "least privilege" environment to reduce the impact of such attacks.
Marco Peretti, chief technical officer at security firm BeyondTrust, agreed with the findings of the Sans Institute, urging users to follow the " principle of least privilege" in setting user access controls, permissions and rights.
Peretti also suggested restricting or limiting the use of active code such as JavaScript or ActiveX in browsers.
Companies using Microsoft's Active Directory should take maximum advantage of Group Policy Objects to control user access, and should not rely on antivirus protection alone since zero-day attacks are often not detectable until new signatures are released.
"A zero-day vulnerability is a known flaw in software that does not have a patch available," said Marc Sachs, director of the Sans Internet Storm Center.
"In 2006 we have seen a significant rise in attacks that take advantage of zero-day vulnerabilities, leaving a user or system unable to defend against the attack since no patch is available."
This type of application-level attack is very hard to prevent with traditional flow-based schemes such as intrusion detection systems and firewalls.
Likewise, consumer-oriented security solutions such as antivirus software cannot usually detect the initial outbreak of a zero-day exploit attack.
"When users and applications are given more privileges than necessary, organisations expose themselves to threats such as malware and data theft no matter what defence they have in place," warned Peretti.
"A huge security problem that Windows enterprises face is that many users must be given administrative privileges in order to run required applications.
"However, as we have seen, administrative privileges are easily exploited by zero-day threats and malicious users. So you have to ask yourself if you trust your existing security defences."
Remote access - Three steps to getting connected
3.4 million UK professionals now work from home – is your company equipped?
Cost benefits of a global collaboration network
This white paper is a must read for organisations looking for evidence of the bottom-line benefits of high-definition video and voice communications
Keep up to date with the latest products, services and technologies from the world's leading IT companies; IThound.com brings you over 6,000 white papers, case studies and analyst reports.
We chat to Mike Maddison, UK head of Security, Privacy...
Update designed to give mobile users a richer, more personalised...
More thoughts on how servers can help manage overload
Do you agree?
Have your say on this article