Preventing zero day cyber attacks
- 1. Tricks to remain immune from new and upcoming viruses, even before your anti-virus is updated
  Expect the Unexpected: Heraclitus [Greek Philosopher]
  © Paresh Thakkar CISM, CEH, ECSA, MBA email: pcthakkar@gmail.com
- 2. DEFINE THE PROBLEM: Assessing your organisation’s security posture is critical to understanding the steps to take for adequate security of information data, identity data and operations.
  • DEFINE THE WORKSPACE:
  • IDENTIFY THE DOORS:
  • DEPLOYING SPECIALIST S/W:
  • MAP YOUR OFFICE:
  • ACCESS CONTROL:
  • KEEPING SYSTEMS UPDATED:
- 3. PROBLEM DEFINED:
  • Despite having an anti-virus, your computer users complain of slow system performance, or internet access, or printing taking more than the usual time.
  • You suspect some virus at work, but believe that your anti-virus software might be working, so you ignore the suspicion and try troubleshooting the problem, usually ending up formatting the system, and in effect reducing the productivity of that user for the time you are busy formatting and installing the relevant new software.
- 4. USUAL FIRST STEPS:
  • Talking to the antivirus vendor might result in them giving a new tool for solving the problem at hand.
  • However, such problems can be prevented if you follow some simple procedures.
  • Know what you are managing…
- 5. DEFINED WORKSPACE: APPLICATION WHITELISTING
  • List all applications in use in your organisation, and selectively whitelist them in your antivirus software. This can easily be achieved by keeping the administrator account password within IT, and letting users run only known programs. Any new entrant, or patch to an existing program, should be tested on a sandbox computer before installing on production systems.
  • Whenever the antivirus detects a malware/trojan, update your application blacklist, and get the end clients to update themselves with the changes.
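The procedure on this slide (enumerate known programs, allow only those, push anything the antivirus flags into a blacklist, have clients pull the update) can be expressed as a hash-based allowlist. The following is an added example written for this page, not code from the presentation or from any antivirus product; the three "programs" are constructed files in a temporary directory, and the `AllowlistPolicy` class and its JSON format are assumptions made for the illustration. It keys on SHA-256 rather than file names because a renamed or trojanised binary keeps its name but not its hash.

```python
"""Hash-based application allowlist (added example, not from the slides).

Default-deny: a program runs only if its SHA-256 is on the allowlist and
not on the blocklist. IT approves after the sandbox test; an antivirus
detection revokes by hash; clients pull the serialized policy.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hex SHA-256 of a file, read in 64 KiB chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class AllowlistPolicy:
    """Assumed policy object: two hash sets plus a version clients compare."""

    def __init__(self, allowed=(), blocked=()):
        self.allowed = set(allowed)
        self.blocked = set(blocked)
        self.version = 1

    def decide(self, path):
        digest = sha256_of(path)
        if digest in self.blocked:          # blocklist wins over allowlist
            return "deny:blocklisted"
        if digest in self.allowed:
            return "allow"
        return "deny:unknown"               # new entrant, not yet sandbox-tested

    def approve(self, path):
        """IT adds a program after it passed the sandbox test."""
        self.allowed.add(sha256_of(path))
        self.version += 1

    def revoke(self, digest):
        """Antivirus flagged this hash: move it to the blocklist."""
        self.allowed.discard(digest)
        self.blocked.add(digest)
        self.version += 1

    def to_json(self):
        """Policy document that end clients fetch to update themselves."""
        return json.dumps({"version": self.version,
                           "allowed": sorted(self.allowed),
                           "blocked": sorted(self.blocked)}, indent=2)

    @classmethod
    def from_json(cls, text):
        data = json.loads(text)
        policy = cls(data["allowed"], data["blocked"])
        policy.version = data["version"]
        return policy


def demo():
    """Constructed scenario: two approved programs and one unknown binary."""
    d = Path(tempfile.mkdtemp())
    office = d / "office.exe"
    office.write_bytes(b"MZ office suite v1")        # constructed content
    browser = d / "browser.exe"
    browser.write_bytes(b"MZ browser v1")            # constructed content
    dropper = d / "invoice.exe"
    dropper.write_bytes(b"MZ unknown program")       # constructed content

    policy = AllowlistPolicy()
    policy.approve(office)
    policy.approve(browser)
    before = {p.name: policy.decide(p) for p in (office, browser, dropper)}

    # Later the antivirus flags browser.exe: revoke by hash, client pulls update
    policy.revoke(sha256_of(browser))
    client = AllowlistPolicy.from_json(policy.to_json())
    after = {p.name: client.decide(p) for p in (office, browser, dropper)}
    return before, after, client.version


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The unknown `invoice.exe` is denied before and after, which is the point of the slide: a program nobody in IT has approved does not run, whether or not the antivirus already has a signature for it.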
- 6. IDENTIFY THE DOORS: KNOW WHAT TO PROTECT
  • List all entry points into your IT systems… they can be mail servers, webservers, FTP servers, SQL databases, firewalls, fileservers etc.
  • An anti-virus at all entry points into your IT infrastructure helps prevent known viruses and malware/trojans from entering.
- 7. SPECIALIST S/W: APPLICATION WHITELISTING
  • Pick the appropriate type of antivirus; say, a mailserver cannot be fully protected if you install desktop antivirus on that computer. You need to have an antivirus in-line with the server process, say an SMTP anti-virus server or a POP/IMAP antivirus server.
  • Usually these antivirus products are specialised apps, sold by the mailserver vendor or system integrator. Take their help in identifying the right selection.
- 8. MAP YOUR OFFICE: NETWORK SEGMENTATION
  • Know the architecture of the network at your office; if required, redesign it into small segments. Small segments help control broadcasts and virus self-propagation: the trojan/malware will be limited to that segment.
  • Usually this segmentation is achieved by VLANs, or simply by TCP/IP addresses in different subnets.
  • The idea is to separate the networks of computers of users with different risk profiles, such as finance, sales, marketing and management; Internet-facing computers; DMZ devices etc.
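To make the "malware will be limited to that segment" claim concrete, here is an added example (written for this page, not taken from the presentation) that models one subnet per risk profile and a default-deny policy between subnets. The subnets, the rule table and the `blast_radius` helper are all constructed for the illustration; on a real network the same policy lives in the inter-VLAN firewall or router ACLs. Traffic inside a segment is allowed (same broadcast domain), traffic between segments only where a rule exists, so the set of hosts an infected machine can reach is the segment it sits in plus the few services the rules expose.

```python
"""Segment-aware reachability check (added example, not from the slides)."""
import ipaddress

# Constructed subnets: one VLAN/subnet per risk profile.
SEGMENTS = {
    "finance":    ipaddress.ip_network("10.10.0.0/24"),
    "sales":      ipaddress.ip_network("10.20.0.0/24"),
    "management": ipaddress.ip_network("10.30.0.0/24"),
    "dmz":        ipaddress.ip_network("192.168.100.0/24"),
}

# Constructed cross-segment allowances: (src segment, dst segment, dst port).
# Anything not listed here, and not inside a single segment, is denied.
RULES = {
    ("finance", "dmz", 443),        # users reach the DMZ web/mail front end
    ("sales", "dmz", 443),
    ("management", "dmz", 443),
    ("management", "finance", 445), # management reads the finance file share
}


def segment_of(ip):
    """Name of the segment an address belongs to, or None if unknown."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def is_allowed(src_ip, dst_ip, dst_port):
    """Default-deny between segments; same segment is always reachable."""
    src, dst = segment_of(src_ip), segment_of(dst_ip)
    if src is None or dst is None:
        return False                    # address space we do not manage
    if src == dst:
        return True                     # same subnet / broadcast domain
    return (src, dst, dst_port) in RULES


def blast_radius(infected_ip, hosts, port):
    """Hosts an infected machine could still reach on `port` under this policy."""
    return sorted(h for h in hosts
                  if h != infected_ip and is_allowed(infected_ip, h, port))


if __name__ == "__main__":
    inventory = ["10.10.0.5", "10.10.0.6", "10.20.0.5",
                 "10.30.0.5", "192.168.100.10"]          # constructed hosts
    # A sales PC trying to spread over SMB (445) reaches nothing outside sales.
    print(blast_radius("10.20.0.5", inventory, 445))     # -> []
    # A management PC reaches the finance subnet on 445 because a rule allows it.
    print(blast_radius("10.30.0.5", inventory, 445))     # -> ['10.10.0.5', '10.10.0.6']
```

The second call shows the trade-off the slide implies: every cross-segment rule you add is a path a worm can also use, so rules should be as narrow as the business need (port, direction, and ideally a single server rather than a whole subnet). On a flat network with no segments, `blast_radius` would return every host in the inventory.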
- 9. ACCESS CONTROL: LIMIT USERS’ NETWORK RIGHTS
  • Give users access to only those folders they need to access. Do not give them full access to folders, ever. By default, all folders should be NOT SHARED.
  • Give sharing on a need-to-know basis.
  • Do not allow users to use administrator accounts. Change the passwords of all administrator users, and give them standard user privileges.
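The three rules on this slide (nothing shared by default, no full control for users, no day-to-day accounts with administrator rights) are easy to check mechanically once shares and accounts are inventoried. Below is an added example written for this page, not from the presentation: the `Share` and `Account` records, the department names and the permission labels are constructed, and `audit` encodes the slide's rules as findings a helpdesk could act on.

```python
"""Least-privilege audit over a constructed share/account inventory
(added example, not from the slides)."""
from dataclasses import dataclass, field

FULL = "FullControl"
OPEN_PRINCIPALS = {"Everyone", "Authenticated Users"}   # "shared by default"


@dataclass
class Share:
    name: str
    owner_dept: str                                   # whose data this is
    grants: dict = field(default_factory=dict)        # principal -> permission


@dataclass
class Account:
    user: str
    dept: str
    groups: set


def audit(shares, accounts):
    """Return human-readable findings for each rule the slide sets out."""
    findings = []
    by_user = {a.user: a for a in accounts}
    for s in shares:
        for principal, perm in s.grants.items():
            if principal in OPEN_PRINCIPALS:
                findings.append(f"{s.name}: shared to {principal} "
                                f"(default should be not shared)")
            elif perm == FULL and principal != "IT":
                findings.append(f"{s.name}: {principal} has FullControl; "
                                f"reduce to Modify/Read")
            acct = by_user.get(principal)
            if acct and acct.dept not in (s.owner_dept, "IT"):
                findings.append(f"{s.name}: {principal} ({acct.dept}) can read "
                                f"{s.owner_dept} data; need-to-know?")
    for a in accounts:
        if "Administrators" in a.groups and a.dept != "IT":
            findings.append(f"{a.user}: non-IT account in Administrators; "
                            f"move to standard user")
    return findings


def demo():
    """Constructed inventory: three shares, four accounts."""
    shares = [
        Share("Finance$", "finance", {"alice": "Modify", "bob": "Read", "IT": FULL}),
        Share("Public", "sales", {"Everyone": "Read"}),
        Share("Payroll", "finance", {"carol": FULL}),
    ]
    accounts = [
        Account("alice", "finance", {"Users"}),
        Account("bob", "sales", {"Users"}),
        Account("carol", "finance", {"Users", "Administrators"}),
        Account("dave", "IT", {"Administrators"}),
    ]
    return audit(shares, accounts)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The IT group keeping FullControl is deliberately not flagged, matching the slide's point that administrative rights stay within IT; everything else that deviates from need-to-know is listed.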
- 10. UPDATES: KEEP YOUR ENTRY POINTS UPDATED
  • Keep all the entry-point servers/routers/firewalls/gateways patched with the recent updates sent by the manufacturer.
  • Most hackers have access to known vulnerabilities, and keep seeking unpatched systems to attack.
- 11. RESPONSE: KEEP YOUR COMMUNICATIONS HANDY
  • If at all you are in the middle of an attack, identify infected systems, isolate them from the network, limit the damage, and keep communicating with the stakeholders involved, such as end-users, managers, data owners and management.
  • Your management does not want to hear the technical details of what exactly happened; keep an executive summary ready, which would have the key elements answered: how long it would take to get back to service, how much it would cost [if any], and if standby systems are ready, their status and system availability.
  • Communicate with all levels if any DOs or DON’Ts have to be followed immediately, verbally or via the available communication means.
- 12. Today’s IT professionals must equip themselves for not only known threats, but the new reality of unknown threats. Troubleshooting, prevention of recurrence and communication are key skills you should have.
  Finally, be ready for any eventuality, anytime, as rightly phrased by the ancient Greek philosopher Heraclitus: “Expect the Unexpected”
- 13. I AM REACHABLE ON pcthakkar@gmail.com
  @pcthakkar/pcthakkar