WHAT IS A ZERO DAY?
Most of us update something every day, and that includes our digital lives:
phone software, security patches, apps, free software, paid software, or anything
else that serves a cyber need. These updates come from many different
organizations and are built to serve many different users. From the day an
update is released, both cyber attackers and the service providers themselves
start looking for loopholes or flaws in the new version. If such flaws exist,
there is a real chance that attackers or hackers find them first, and that
gives them an opening to act. Attacks of this kind are commonly referred to as
zero-day attacks.
A zero-day is a flaw in software, hardware, or firmware that is unknown to the
party responsible for patching or otherwise fixing it. The term zero-day may
refer to the vulnerability itself, or to an attack that has zero days between
the time the vulnerability is discovered and the first attack. Once a zero-day
vulnerability has been made public, it is known as an n-day or one-day
vulnerability.
Since zero-day vulnerabilities
aren't known in advance, there is no way to guard against such exploits before
they happen. Ordinarily, when a researcher detects that a software program
contains a potential security issue, he or she will notify the software vendor
so they can fix the code and distribute a patch or software update. The hope
with a zero-day vulnerability is that even if an attacker hears about the
vulnerability, it will take time to figure out how to exploit it without being
detected -- and meanwhile, the fix will have been made available.
Anti-malware software, intrusion detection systems (IDSes), and intrusion
prevention systems (IPSes) are often ineffective against zero-day attacks
because the attacks do not yet have a known signature. One of the best ways to
detect a zero-day attack is simply to monitor network logs: activity falling
outside the normal scope of operations can be an indicator of a zero-day attack.
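The log-monitoring idea above, as an added example that is not from the original page: a signature-free baseline check over constructed connection-log lines, flagging a host that contacts a destination or port it has never used, or sends far more data than its usual volume. All hostnames, addresses, byte counts and the z-score threshold are constructed for illustration.

```python
import statistics
from collections import defaultdict
# Constructed sample connection logs: timestamp host dst_ip dst_port bytes_out
BASELINE_LOGS = """\
2024-01-01T09:00:01 ws-17 10.0.0.5 443 1200
2024-01-01T09:05:12 ws-17 10.0.0.5 443 1350
2024-01-01T09:10:44 ws-17 10.0.0.9 53 90
2024-01-01T09:15:03 ws-17 10.0.0.5 443 1100
2024-01-01T09:20:30 ws-17 10.0.0.9 53 85
""".splitlines()

NEW_LOGS = """\
2024-01-02T09:01:00 ws-17 10.0.0.5 443 1250
2024-01-02T09:03:10 ws-17 203.0.113.7 4444 512
2024-01-02T09:04:55 ws-17 10.0.0.5 443 950000
""".splitlines()

def parse(line):
    ts, host, dst, port, nbytes = line.split()
    return {"ts": ts, "host": host, "dst": dst, "port": int(port), "bytes": int(nbytes)}

def build_baseline(lines):
    """Learn, per host, the ports and destinations seen plus byte-volume mean/stdev."""
    ports, dsts, sizes = defaultdict(set), defaultdict(set), defaultdict(list)
    for rec in map(parse, lines):
        ports[rec["host"]].add(rec["port"])
        dsts[rec["host"]].add(rec["dst"])
        sizes[rec["host"]].append(rec["bytes"])
    stats = {h: (statistics.mean(s), statistics.pstdev(s)) for h, s in sizes.items()}
    return {"ports": ports, "dsts": dsts, "stats": stats}

def find_anomalies(baseline, lines, z_threshold=3.0):
    """Return (line, reasons) for each record outside the learned baseline; no signatures used."""
    hits = []
    for line in lines:
        rec, reasons = parse(line), []
        host = rec["host"]
        if host not in baseline["stats"]:
            reasons.append("host never seen in baseline")
        else:
            if rec["port"] not in baseline["ports"][host]:
                reasons.append(f"new port {rec['port']}")
            if rec["dst"] not in baseline["dsts"][host]:
                reasons.append(f"new destination {rec['dst']}")
            mean, sd = baseline["stats"][host]
            if sd and (rec["bytes"] - mean) / sd > z_threshold:
                reasons.append("byte volume far above baseline")
        if reasons:
            hits.append((line, reasons))
    return hits
```

Run `find_anomalies(build_baseline(BASELINE_LOGS), NEW_LOGS)` to see the two flagged lines; a real deployment would learn the baseline per host and port over a longer window and tune the threshold to its own traffic.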
Suggestions for mitigating the effects of a zero-day attack include:
· Keep all systems patched and up to date.
· Perform regular vulnerability scanning.
· Apply encryption and authentication controls to network traffic.
· Isolate sensitive traffic flowing between servers.
· Use network access control to prevent rogue machines from gaining access.
· Lock down wireless access points.
· Stay on top of security news.
Once a zero-day is found in the wild, a patch can be developed and deployed to
close the flaw the exploit relies on. At that point the exploit or attack is no
longer a zero-day.