- 4chan hell raisers finding fame brings heat?
- The 10 dumbest mistakes network managers make
- NetApp quits bidding war in face of EMC opposition
- CompuServe closes after 30 years
- Google to launch open-source Chrome OS this year
The Windows animation bug (ANI) caused widespread concern because exploits against it became widely available before Microsoft could release a patch. But like other zero-day threats before it, there are measures companies can take to at least try to mitigate the risk from unpatched vulnerabilities, security experts said.
The measures are not a sure bet. And in the end, patching a flaw is still the most reliable way of protecting against exploits seeking to take advantage of it, they said. But deploying multiple layers of defenses is vital to dealing with threats for which no immediate fix is available.
Among them are the following:
Restrict e-mail attachments
One of the ways hackers hope to exploit the ANI flaw -- which Microsoft patched earlier Tuesday -- is by trying to get users to click on malicious attachments in spammed e-mails. One way of dealing with this sort of an attack vector is by having strict policies in place for filtering out e-mail attachments.
Security experts have for a long time now advised companies to filter out gif, JPEG, WMV and pretty much most attachment types they don't need from inbound and outbound e-mails. When deciding which attachments to allow and which to deny, it's a mistake to assume that only certain attachment types are maliciously used, said Russ Cooper, senior information security analyst with Cybertrust Inc.
"Don't go on the basis of whether something is benign or not," Cooper said. After all, both gif and JPEG attachments were once considered benign until hackers started hiding malicious code in them. "Instead, look at what you need for your business," he said.
If there is a business need for accepting e-mails with attachments -- from a business partner, for example -- see if there's a way to restrict them to just that business partner. Or if you need to exchange zip files, for instance, consider the possibility of renaming the extension to something that just your company and your business partner knows -- and permit only attachments with that extension into your network, Cooper said. "Then you can put gif, JPEG and even animated cursors if you have a need for them into those attachments," he said. "If you say 'I only want to allow these attachments and nothing else,' you have eliminated every zero-day" threat via e-mail attachments, he said.
The Leader in Network Knowledge
Comment