Sunday, January 15, 2012

0Day attacks were most rampant in July

Author: Zhang Qi



July 2009 is a month that will be recorded in the annals of information security: zero-day (0Day) attacks erupted fervently. Vulnerabilities in all sorts of applications and systems caused 0Day threats to break out at high frequency, and flaws in IE, Firefox, Office, video and Direct components led to large-scale web attacks, undoubtedly making it the most threatening "vulnerability month".



Why 0Day attacks erupt so often



The concept of 0Day was first used in the software and game cracking scene. In those days the main purpose of 0day was information exchange; because it was entirely non-commercial, non-profit, volunteer activity, it drew no attention from network security administrators.



Back in July 2009, if you had asked the security lead of any enterprise what they worried about most, I think the answer would necessarily have been: 0Day.



From the standpoint of technical measures, it seems we have little left to worry about. But flaws we cannot control still exist: they lie in the operating system platforms, websites and other third-party applications we use, and we do not know whether some unknown serious flaw is lurking in these platforms. By the time the network has already been penetrated and information has already been stolen, checking every vulnerability database and security patch record will probably not solve it.



Conceptually, a so-called 0Day vulnerability is one that has not yet been made public and therefore has no patch; it is what is commonly called an "undisclosed vulnerability". In theory, every application of any size may contain flaws that simply have not been discovered yet, and the permanent lag of remediation measures behind discovery is the biggest threat. So what circumstances provoked the large-scale outbreak of 0Day attacks? There are the following main reasons:



· Code is written without rigor



The fundamental reason 0Day flaws get exploited lies in how code is written. Commercial interests accelerate development schedules without limit, so the most important step, security testing of the code, is dropped, and the review iterations the original process required are probably cut down. As long as a user runs an operating system or an application, the appearance of a 0Day is only a matter of time, whether you are running a database server or a website management platform, a media player or an image viewer.



When it comes to how operating system code is written, things are not as the average user imagines: because open source software may not pass more unified security testing, it may contain more flaws than Windows. As open source environments come into general use, bigger disasters may erupt from threats on enterprise-level platforms.



· Insecure Web environment



Another cause of the 0Day crisis is the insecure web serving environment, which provides the entry point for malware injection. Network criminals use many new methods to infect computers; a relatively common one is to first break into some legitimate sites and then redirect the users who visit those sites to a server where malware has been placed.



· Insecure intranet environment



In today's increasingly rampant web threat environment, an "imperceptible" mouse click may open a door for hackers into the enterprise interior. If a client host is infected with a virus, the mutual trust among hosts in its intranet considerably increases the odds of cross-infection. The diversification of terminals lets desktops, notebooks, USB drives, mobile phones and other terminal devices access the intranet at any time.



· Patches are released too late



System administrators and information security experts know that a few new vulnerabilities are discovered every day. Finding every system vulnerability across the vast Internet is simply impossible, let alone patching them all, and that is the magic weapon attackers rely on. After a security organization discovers a flaw, it usually informs the software vendor through formal channels, but the vendor needs at least ten days, perhaps longer, to release a patch, which creates a "window" in the security defense system.



How to guard against the 0Day crisis



Previously, for viruses that spread by exploiting known vulnerabilities, we could download updates and, as soon as a flaw appeared, use patches and administrative tools to repair it quickly, making sure the system kept running securely and steadily. But against 0Day attacks, because the vendor has not yet released a patch for the flaw, the job of minimizing the threat this leak brings falls mostly on enterprises and ordinary users.

· Routine operations

This includes a few routine operations. Do not look down on these very basic operations; sometimes they have a surprising effect. For example: when running programs on a system affected by a flaw, run them with the privileges of the least-privileged user; enable the option in antivirus software to monitor key processes on the computer; and regularly check the login records currently in use.



· Look for vulnerabilities in code



Writing secure code is the most significant step in reducing 0Day attacks. Writing secure software is now more important than before, and every software developer must learn how to integrate security into the project. Whether for an operating system platform, an application, or even the development of a tiny plug-in, more secure coding practices are involved, including: avoiding buffer overflows, establishing proper access control, running with least privilege, encrypting sensitive data, protecting weak points, and many other problems of this kind. This requires developers to cooperate in carrying out a code security review system.



The key to code security review is to spot insecure coding techniques and defects that could cause security problems and incidents. Although it may be very time-consuming, code review must be carried out regularly throughout the project development cycle, because the cost and workload of fixing security defects during development are much smaller than fixing them afterwards.



Take the buffer overflow, the most frequent kind of 0Day, as an example: because attackers can gain control in the course of running injected code, going to great lengths to clear such defects out of the code after discovery is clearly inferior to making sure they never enter the code in the first place.
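As an added illustration of the point above (my own example, not code from the original post), here is the unchecked copy pattern that causes buffer overflows beside a bounded version that refuses oversized input instead of writing past the buffer. The `session` struct, the `NAME_MAX` size and the sample names are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* constructed: size of the fixed name buffer */

/* Constructed record: a flag sits right after the fixed buffer, so an
 * overflow of `user` would overwrite `admin`. This layout is only here to
 * show what an unchecked copy puts at risk. */
struct session {
    char user[NAME_MAX];
    int  admin;
};

/* The pattern the text warns against: the destination size is never
 * consulted, so any input of NAME_MAX or more characters runs past the end
 * of `dst`. Shown for comparison only; never feed it untrusted data. */
void copy_unchecked(char dst[NAME_MAX], const char *src)
{
    strcpy(dst, src);
}

/* Hardened form: scan at most dst_len bytes of `src`; if no terminator is
 * found within that bound the input cannot fit (terminator included), so
 * report failure and leave `dst` untouched. Returns 0 on success, -1 if
 * the input was rejected. */
int copy_bounded(char *dst, size_t dst_len, const char *src)
{
    size_t n = 0;
    while (n < dst_len && src[n] != '\0')
        n++;
    if (n == dst_len)
        return -1;            /* strlen(src) >= dst_len: would overflow */
    memcpy(dst, src, n + 1);  /* n + 1 copies the terminator too */
    return 0;
}

/* Constructed handler: populate the session from an untrusted name field.
 * Oversized names are rejected and the session is left unchanged. */
int session_set_user(struct session *s, const char *name)
{
    return copy_bounded(s->user, sizeof s->user, name);
}

int main(void)
{
    struct session s = { "", 0 };

    /* Constructed inputs: one that fits, one that is exactly one byte too
     * long once the terminator is counted. */
    const char *ok_name  = "alice";
    const char *too_long = "0123456789abcdef";   /* 16 chars + NUL > NAME_MAX */

    printf("short name: %s\n",
           session_set_user(&s, ok_name) == 0 ? "accepted" : "rejected");
    printf("long name:  %s\n",
           session_set_user(&s, too_long) == 0 ? "accepted" : "rejected");
    printf("user is still \"%s\", admin flag is %d\n", s.user, s.admin);
    return 0;
}
```

The check in `copy_bounded` is the review item the text calls for: every copy into a fixed buffer must be able to say what happens when the input does not fit, and "refuse and report" is the answer that keeps the flaw out of the code rather than patching it later.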



· Deploy intelligent behavior monitoring systems



The industry has produced some defenses that do not depend on updating or upgrading the system, for example defense measures based on analysis of malicious behavior patterns. With this kind of defense, whether the malware uses a known or an unknown flaw, it can be effectively detected and discovered. Compared with defense measures based on signature analysis, its biggest advantage is that it does not need to analyze the features of a specific piece of malware, nor be kept constantly on the run chasing the newest trojan or flaw; it can effectively defend against "unknown" malware and is an effective complement in responding to 0Day attacks.



Uncontrolled clients lead to many network management centers being invaded by malicious code. Terminals on which antivirus software was never installed, or was quietly uninstalled, cannot be inventoried or remotely managed, so the infection source threatening the network cannot be located precisely; there is no way to cut off an intrusion incident quickly and reliably, and at the same time this provides a breeding ground for the same virus to break out repeatedly inside the intranet. Accordingly, enterprises not only need to deploy security filtering products at the network gateway, but even more should set up monitoring mechanisms inside the network.



· Increase deployment of cloud security products



Traditional antivirus software detects and removes viruses by comparing code against the signature database of the antivirus product; if an identical signature exists in the virus database, the program is deemed a virus. The practice of detecting viruses by enlarging the virus database has reached its limit, because a database that expands without limit puts great pressure on both servers and clients. And facing so many viruses, security software and service vendors cannot possibly keep collecting signatures indefinitely. Accordingly, changing the traditional antivirus technical mechanism is extremely urgent.



Seen from the angle of information security strategy, cloud security was "forced" into existence by exactly this kind of 0Day threat. Its overall train of thought differs little from traditional security logic, but the service model of the two is entirely different.



At the other end of "the cloud", a professional team helps the user handle and analyze security threats, an advanced data center stores the virus database for you, and of course the concurrent access capacity is also extremely strong. At the same time, cloud security lowers the configuration demanded of the client side; in use it resembles a transparent-mode firewall: the user does not need to know where it is, but it holds the core. With a leader and a reputation evaluation mechanism, tens of thousands of linked clients can, within the shortest time, avoid visiting sites that have been implanted with trojans, or automatically download vulnerability patches released by third parties.
