Inside Cyber Warfare - Jeffrey Carr [94]
Once attackers successfully exploit a client-side vulnerability, they not only gain access to all the data and information located on the compromised system, they also gain access to all the resources available to it. For example, if the compromised system is part of a larger network, the attacker gains access to that larger network. In this sense, the attacker uses the compromised machine as a stepping-stone for further attacks in the internal network. Often internal resources are not as well protected as Internet-facing resources, making them easy targets for attackers who have gained access to internal networks.
Protecting against 0day exploits
There is simply no specific defense against 0day exploits. Each 0day exploit is unique, and only the attacker knows the full details of the 0day vulnerability. However, there are some steps that an organization can take to minimize the damage done by 0day vulnerabilities.
Defense in Depth
There is no substitute for defense in depth. Defenses are layered so that sensitive data and critical systems are protected by many different types of mechanism. This forces the attacker to increase the intelligence-gathering effort needed for successful exploitation, since he must understand each defensive layer that stands between him and the desired information. A solid defense in depth strategy also dramatically increases the sophistication and effort required for a successful exploit, because the attacker must now bypass many defenses rather than just one. Defense in depth cannot guarantee safety from sophisticated attackers, but it enlarges the footprint an intrusion leaves behind and so increases the likelihood of early detection.
Using technologies such as MOICE and virtualization
Office documents are becoming an increasingly popular attack surface. Until Microsoft transitioned its Office documents to an XML-based format, Microsoft Word (.doc), PowerPoint (.ppt), and Excel (.xls) files were binary formats. Binary formats are tremendously challenging to parse and consume, which opens up a large attack surface, and the popularity of Microsoft Office in large corporations and governments has produced a surge in Office-related exploits in the past few years. To combat this rise, Microsoft developed the Microsoft Office Isolated Conversion Environment (MOICE) to help “reduce the security risk” of opening these documents. MOICE converts a traditional Office binary file into the newer Office Open XML format in an isolated process before the document is opened, helping to remove threats that may be hidden inside the binary contents of the document. Virtualization serves a complementary purpose: it allows malicious code to be executed within a controlled and constrained environment, so that when a 0day exploit is discovered, its characteristics and “signature” can be examined safely.
NOTE
Additional information related to the MOICE can be found on Microsoft’s support site at http://support.microsoft.com/kb/935865.
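The distinction MOICE relies on, legacy binary containers versus Office Open XML packages, is easy to check mechanically. The following is an added example, not code from the book or from Microsoft: it classifies a file by its magic bytes (legacy .doc/.xls/.ppt are OLE2 compound files; OOXML files are ZIP packages with a [Content_Types].xml part), recommends conversion for binary files, and lists the OOXML parts an analyst would want to look at (VBA projects, embedded OLE objects, ActiveX controls). The sample documents are constructed in-memory stubs, and the list of risky part names is a heuristic chosen for this example, not an exhaustive one.

```python
"""Triage helper: legacy binary Office file vs. Office Open XML package.

Added example for illustration. Sample inputs are constructed stubs, not
real documents; RISKY_PART_MARKERS is an illustrative heuristic.
"""
import io
import zipfile
from typing import List

# Magic of an OLE2 Compound File Binary, the container used by .doc/.xls/.ppt.
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"
# OOXML documents are ZIP packages; this is the ZIP local file header signature.
ZIP_MAGIC = b"PK\x03\x04"
# Substrings of OOXML part names that carry active or embedded content (assumed heuristic).
RISKY_PART_MARKERS = ("vbaProject.bin", "/embeddings/", "activeX")


def classify(data: bytes) -> str:
    """Return 'ole2-binary', 'ooxml', 'zip' or 'unknown' based on container structure."""
    if data.startswith(OLE2_MAGIC):
        return "ole2-binary"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                names = z.namelist()
        except zipfile.BadZipFile:
            return "unknown"
        # Every OOXML package must carry a content-types part at the package root.
        return "ooxml" if "[Content_Types].xml" in names else "zip"
    return "unknown"


def risky_parts(data: bytes) -> List[str]:
    """List OOXML parts that hold macros, embedded OLE objects or ActiveX controls."""
    if classify(data) != "ooxml":
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return sorted(n for n in z.namelist()
                      if any(marker in n for marker in RISKY_PART_MARKERS))


def recommend(data: bytes) -> str:
    """Policy decision for a document handed to a user (assumed policy for this example)."""
    kind = classify(data)
    if kind == "ole2-binary":
        return "convert-before-open"      # the case MOICE is designed for
    if kind == "ooxml":
        return "review-active-content" if risky_parts(data) else "open"
    return "reject"                        # not an Office container we recognise


def build_sample_docx(with_macro: bool = False) -> bytes:
    """Constructed minimal OOXML package (not a real Word file) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<?xml version="1.0"?><Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("word/document.xml",
                   '<?xml version="1.0"?><w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main"/>')
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00" * 16)  # stand-in for a VBA project stream
    return buf.getvalue()


# Constructed: OLE2 header signature followed by padding, not a parsable document.
SAMPLE_OLE2 = OLE2_MAGIC + b"\x00" * 504


if __name__ == "__main__":
    samples = {
        "report.doc": SAMPLE_OLE2,
        "report.docx": build_sample_docx(),
        "report.docm": build_sample_docx(with_macro=True),
        "notes.txt": b"plain text, not an Office file",
    }
    for name, blob in samples.items():
        print(f"{name:12s} {classify(blob):12s} {recommend(blob):22s} {risky_parts(blob)}")
```

The magic-byte check is deliberately done on the container, not on the file extension, since a renamed .doc is still an OLE2 file and still the case MOICE exists to handle. Conversion to OOXML does not by itself answer whether a package carries macros or embedded objects, which is why the example lists those parts separately for review.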
Physical separation between data of varying sensitivity
A common operational security measure within government and military networks is the physical separation of networks according to classification of data. Unclassified information is physically separated from data marked SECRET, which is in turn separated from data marked TOP SECRET. The physical separation of data represents one of the most effective means