If you are using the software, what steps can you take to defend yourself in the
meantime? If you are a consultant, what guidelines will you give your customers for defending
themselves? This chapter presents some options for improving security during
the vulnerability windowthat exists between discovery and correction of a vulnerability.
Mitigation Alternatives
More than enough resources are available that discuss the basics of network and application
security. This chapter does not aim to enumerate all of the time-tested methods of
securing computer systems. However, given the current state of the art in defensive techniques,
we must emphasize that it remains difficult if not impossible to defend against a
zero-day attack. When new vulnerabilities are discovered, we can only defend against
them if we can prevent attackers from reaching the vulnerable application. All of the
standard risk assessment questions should be revisited:
??? Is this service really necessary? If not, turn it off.
??? Should it be publicly accessible? If not, firewall it.
??? Are all unsafe options turned off? If not, change the options.
481
And, of course, there are many others. For a properly secured computer or network all of
these questions should really already have been answered.
Pages:
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841