Define server roles, counterattack zero-day threats

Zero-day exploits are an unsettling issue for any administrator who is concerned with security. A zero-day exploit is an exploit against a previously undiscovered and undocumented vulnerability. The problem with zero-day exploits is that you are trying to protect the system against security holes that may or may not even exist. This means that you can't just apply a security patch to prevent the vulnerability from being exploited, because no one except for the hacker who exploits the vulnerability knows about it.

More on zero-day threats Harden your network services and contain zero-day threats

While you can't usually rely on patching as a mechanism for protecting you from zero-day exploits, there are some things you can do to harden your server and make your system far less susceptible to these types of attacks.

By far the most effective countermeasure against a zero-day exploit is to reduce the attack surface on your systems. Imagine a hacker launching a zero-day exploit against a previously undiscovered security hole in Internet Information Server (IIS). Depending on the nature of the vulnerability, such an attack could be catastrophic if IIS is installed.

That's why it's a good security practice to take a role-based approach in regards to your servers. Try specifically defining the tasks that each server on your network is required to perform. By doing so, you can easily determine which system components are and are not required in order to perform the necessary tasks. For example, if a server is acting solely as a file server, then there is no reason why it would need to run components like IIS or the Print Spooler service.

It is best to configure each server so it performs only a single task. That way, you not only reduce the server's attack surface, but you also make it far easier to determine which system components are required in order for the server to do its job.

Click here for other pieces in the "Containing zero-day threats" series:
Harden your network services and contain zero-day threats

About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. As a freelance technical writer, he has written for Microsoft, TechTarget, CNET, ZDNet, MSD2D, Relevant Technologies and other technology companies. You can visit his personal Web site at www.brienposey.com.

Rate this Tip To rate tips, you must be a member of SearchWindowsSecurity.com. Register now to start rating these tips. Log in if you are already a member. Digg This!     StumbleUpon     Del.icio.us    RELATED CONTENT Malware and other Windows security threats Prevent malware infection with malware detection tools Does Vista mean the end of malware? Zero-day attack prevention Use patching to protect your network from threats Remove bots from your system -- a four-step process Harden your network services and contain zero-day threats Step-by-Step Guide: Finding and removing a rootkit Step 1: Is there a problem Step 3: Clean up the mess Step 2: Choose the right scanning tool Malware and other Windows security threats Research Hardware Free security testing tools for Windows handheld devices Windows mobile security: Get it locked down Limit network access points to boost endpoint security Network security assessment for network infrastructure Managing Windows network access on additional servers Windows Server 2008: Looking good on the security front Conquer forgotten Windows passwords with Password Reset Wizard USB encryption security for Windows: IronKey review Why you should plan Windows network security tests What should I be asking a security vendor? Hardware Research Network Infrastructure security Kerberos authentication for network login on non-Windows networks Plan for a security breach, step by step Hunting down a hacker Contacting the domain controller Unsecured devices worry IT professionals Step-by-step guide: Hacking file servers Step 1: Exploiting a missing patch Step 2: Sniffing the network for juicy info Step 4: Executing related hacks that indirectly affect file servers Step 3: Stumbling across sensitive files RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.