Hacking
Administrative privileges are easily exploited by zero-day threats and malicious users

Experts warn of surge in zero-day flaws

Sans Institute urges 'least privilege environment' to beat attacks

Clement James

vnunet.com, 20 Nov 2006

Security experts at the Sans Institute warned last week of a major surge in zero-day flaws as part of its 2006 update to the Top 20 Internet Security Attack Targets list.

The report advises implementation of a "least privilege" environment to reduce the impact of such attacks.

Advertisement

Marco Peretti, chief technical officer at security firm BeyondTrust, agreed with the findings of the Sans Institute, urging users to follow the " principle of least privilege" in setting user access controls, permissions and rights.

Peretti also suggested restricting or limiting the use of active code such as JavaScript or ActiveX in browsers.

Companies using Microsoft's Active Directory should take maximum advantage of Group Policy Objects to control user access, and should not rely on antivirus protection alone since zero-day attacks are often not detectable until new signatures are released.

"A zero-day vulnerability is a known flaw in software that does not have a patch available," said Marc Sachs, director of the Sans Internet Storm Center.

"In 2006 we have seen a significant rise in attacks that take advantage of zero-day vulnerabilities, leaving a user or system unable to defend against the attack since no patch is available."

This type of application-level attack is very hard to prevent with traditional flow-based schemes such as intrusion detection systems and firewalls.

Likewise, consumer-oriented security solutions such as antivirus software cannot usually detect the initial outbreak of a zero-day exploit attack.

"When users and applications are given more privileges than necessary, organisations expose themselves to threats such as malware and data theft no matter what defence they have in place," warned Peretti.

"A huge security problem that Windows enterprises face is that many users must be given administrative privileges in order to run required applications.

"However, as we have seen, administrative privileges are easily exploited by zero-day threats and malicious users. So you have to ask yourself if you trust your existing security defences."

  • Have your say
  • Send to a friend
  • Print
  • Digg
  • Reddit
  • Share

Tags:

Do you agree?

Have your say on this article

Further reading

Related whitepapers

Related jobs

Most watched

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

Xperia X1

Video Review: Sony Ericsson Xperia X1

First Looks Editor Ian Williams gets hands on with the Sony Ericsson Xperia X1

More video

IT white papers

Search white papers

Top categories

Poll

Poll: Summer smartphones

Poll: Summer smartphones

Which smartphone will you be taking to the beach this summer?

View poll results

Advertisement

Advertisement

Newsletter signup

Sign up for our range of FREE newsletters:

  • More available - 'submit' to view

Existing User

Newsletter user login:

Enter email address to edit your newsletter preferences

Job of the week

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Hiring now on ComputingCareers:

Related IT jobs

More IT jobs

Search thousands of IT jobs :

Search thousands of IT jobs:

Advanced search

Spotlight

iPhone

Video Review: iPhone 3GS

We put Apple's latest iPhone through its paces

old computer

Government honours veterans of Bletchley Park at last

Surviving veterans of the code-breaking facility to receive badge of...

Motorola MC55 Enterprise Digital Assistant

Review: Motorola MC55 Enterprise Digital Assistant

A rugged Windows Mobile device for mobile workers

BT

BT promises 1.5m fibre connections by summer 2010

Telco begins major rollout in 69 locations across the UK

Primary Navigation