Network Administration / Security

Define server roles, counterattack zero-day threats

Zero-day exploits are an unsettling issue for any administrator who is concerned with security. A zero-day exploit is an exploit against a previously undiscovered and undocumented vulnerability. The problem with zero-day exploits is that you are trying to protect the system against security holes that may or may not even exist. This means that you can't just apply a security patch to prevent the vulnerability from being exploited, because no one except for the hacker who exploits the vulnerability knows about it.

While you can't usually rely on patching as a mechanism for protecting you from zero-day exploits, there are some things you can do to harden your server and make your system far less susceptible to these types of attacks.

By far the most effective countermeasure against a zero-day exploit is to reduce the attack surface on your systems. Imagine a hacker launching a zero-day exploit against a previously undiscovered security hole in Internet Information Server (IIS). Depending on the nature of the vulnerability, such an attack could be catastrophic if IIS is installed.

That's why it's a good security practice to take a role-based approach in regards to your servers. Try specifically defining the tasks that each server on your network is required to perform. By doing so, you can easily determine which system components are and are not required in order to perform the necessary tasks. For example, if a server is acting solely as a file server, then there is no reason why it would need to run components like IIS or the Print Spooler service.

It is best to configure each server so it performs only a single task. That way, you not only reduce the server's attack surface, but you also make it far easier to determine which system components are required in order for the server to do its job.

More on zero-day threats
Harden your network services and contain zero-day threats
Eliminate zero-day threats with virtual server technology

Contact Us | Authors | Subject Index | RSS Feeds

Copyright ©2007