Use patching to protect your network from threats


Tony Bradley, Contributor
11.29.2006




This is the fourth installment in our series on containing zero-day threats.

Patching is an established routine for most organizations. IT directors and network administrators know that it is necessary to patch systems and applications on a regular basis to protect their networks against vulnerabilities.

This is a good system for the flaws that are known. However, vulnerabilities that are discovered by the vendors themselves or by security researchers with a sound moral compass and strong ethics are typically not announced to the general public until the appropriate patch is developed and available. Sometimes, though, flaws are discovered by developers of questionable character, and those flaws are turned into attacks that can be used to exploit the vulnerability before the software vendor -- or the general public -- has any idea that a problem exists.

These zero-day exploits -- so named because there is no notice given between the discovery of the vulnerability and the discovery of an active exploit of the vulnerability in the wild -- can take networks by surprise and wreak havoc on the enterprise. There are some fundamental steps you can take to proactively protect the network and minimize the potential for a zero-day exploit to impact your enterprise.

1. Guard the perimeter. The concept of the network perimeter has deteriorated over time with the development of wireless networking and mobile devices. It is harder and harder to define which devices are inside the network perimeter and which are outside. Even so, the network perimeter should still be protected by a firewall.

The firewall should guard against unnecessary and unauthorized network traffic entering the network. Construct firewall rules and policies that allow the flow of business operations without reducing overall network security more than necessary. The ability for mobile and wireless devices to affect the network can be reduced by only allowing them to connect to internal network resources via an encrypted VPN tunnel.

2. Patch and protect. By definition, if the threat is coming from a zero-day exploit, then no patch exists yet for the specific threat. However, having an effective, timely process for evaluating and deploying patches is a key to overall network security. It is also important to run an up-to-date antivirus program of some sort. Even though the specific threat may not yet be defined, antivirus software can often detect even unknown threats using heuristic detection, which provides at least some level of security.

3. Rapid response. In a best-case scenario, your proactive security would be enough to protect against zero-day exploits impacting your network. The potential, however, still exists for a zero-day exploit to infiltrate your network undetected. If you have a well-configured intrusion detection or intrusion prevention system (IDS/IPS) in place, you'll be able to detect and act on any suspicious or anomalous activity. Regardless of how you are notified of a threat to your network, have well-defined policies and procedures for incident response, including clear steps for executing them as well as established roles and responsibilities.

4. Contain the threat. One final part of minimizing the impact of a zero-day exploit on your network is to have some means of containing the threat so it's unable to spread and cause more damage throughout your network. By using virtual LANs (VLANs) or other methods of segregating network traffic, you can establish a means for limiting the damage to a specific LAN segment and contain the threat before it spreads to the rest of the enterprise.
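Step 2 calls for a timely patch process, which only works if you can measure it. The following script, an added example that is not part of the original tip, checks a host inventory against the list of required patches and flags each gap that has been open longer than an assumed per-severity deadline. The SLA values and all patch identifiers and host names are constructed for illustration.

```python
"""Patch-compliance check: which hosts lack required patches, and for how long."""
from dataclasses import dataclass
from datetime import date

# Maximum days between a patch's release and its deployment, by severity.
# Assumed values for this example, not a vendor recommendation.
SLA_DAYS = {"critical": 7, "important": 30, "moderate": 90}


@dataclass(frozen=True)
class Patch:
    patch_id: str
    severity: str
    released: date


@dataclass(frozen=True)
class Finding:
    host: str
    patch_id: str
    days_outstanding: int
    overdue: bool


def check_compliance(required, installed, today):
    """Return one Finding per (host, missing patch), overdue and oldest first."""
    findings = []
    for host, have in installed.items():
        for patch in required:
            if patch.patch_id in have:
                continue
            age = (today - patch.released).days
            limit = SLA_DAYS.get(patch.severity.lower(), SLA_DAYS["moderate"])
            findings.append(Finding(host, patch.patch_id, age, age > limit))
    findings.sort(key=lambda f: (not f.overdue, -f.days_outstanding, f.host))
    return findings


def overdue_hosts(findings):
    """Hosts with at least one patch past its SLA; these need attention first."""
    return sorted({f.host for f in findings if f.overdue})


# Constructed sample inventory (placeholder identifiers, not real KB numbers).
TODAY = date(2006, 11, 29)
REQUIRED = [
    Patch("KB-EXAMPLE-1", "critical", date(2006, 11, 14)),
    Patch("KB-EXAMPLE-2", "important", date(2006, 11, 14)),
    Patch("KB-EXAMPLE-3", "moderate", date(2006, 8, 8)),
]
INSTALLED = {
    "srv-file01": {"KB-EXAMPLE-1", "KB-EXAMPLE-2", "KB-EXAMPLE-3"},
    "srv-web01": {"KB-EXAMPLE-2"},
    "wks-0042": {"KB-EXAMPLE-1", "KB-EXAMPLE-3"},
}
```

Feeding the script the output of your real inventory tool gives the same report; hosts returned by `overdue_hosts` are the ones where the patch window, not the unknown zero-day, is the exposure you can actually close.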

About the author: Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is recognized by Microsoft as an MVP in Windows Security, and he is the About.com Guide for Internet / Network Security, providing a broad range of security tips, advice and reviews. Bradley is co-author of Hacker's Challenge 3 and author of Essential Computer Security. He contributes frequently to other industry publications. For a complete list of his freelance contributions, visit S3KUR3.com.

    All Rights Reserved, Copyright 2004 - 2008, TechTarget | Read our Privacy Policy