RE: Definition of Zero Day Protection

From: Rob Shein (shoten_at_starpower.net)
Date: 08/09/04

  • Next message: Joel Snyder: "Re: Definition of Zero Day Protection"
    To: "'Teicher, Mark (Mark)'" <teicher@avaya.com>, <focus-ids@securityfocus.com>
    Date: Mon, 9 Aug 2004 13:18:32 -0400
    
    

    I doubt there's a single definition with any kind of official blessing from
    a standards group of any sort. I would consider it to be the ability of an
    application or inline system to detect a buffer or heap overflow, format
    string attack, or something similar...and stop it...without having the
    ability to precisely recognize it. The last part is the key; it doesn't
    have to know WHICH one it is, but rather recognize it as an attack based
    upon a characteristic (like a huge sequence of NOPs) that would be common to
    most or all such attacks, without regard to whether or not the vulnerability
    it exploited was previously known or not. Of course, it would be nice from
    an alerting standpoint to know which attack it was, if it already was a
    known one, but that's not part of the 'zero day' concept.

    > -----Original Message-----
    > From: Teicher, Mark (Mark) [mailto:teicher@avaya.com]
    > Sent: Sunday, August 08, 2004 9:48 PM
    > To: focus-ids@securityfocus.com
    > Cc: Seanor, Joseph (Joe)
    > Subject: Definition of Zero Day Protection
    >
    >
    > What is Zero Day Protection? I think I understand the
    > definition of Zero Day Exploits. But what is Zero Day
    > Protection? Another marketing blurb,
    > or can vendors actually offer zero day protection?
    >
    > Thank you for clarifying my confusion
    >
    > /m
    >

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from CORE
    IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
    --------------------------------------------------------------------------
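
The characteristic-based detection described in the reply above, as an added example that is not part of the original post: it flags any payload carrying a long run of x86 NOP bytes without knowing which service or vulnerability is involved. The 32-byte threshold, the function names and every sample payload are assumptions made for illustration, and only the literal 0x90 byte is matched.

```python
"""Flag long runs of x86 NOP (0x90) bytes, whatever service they target.
Assumed, not from the post: the 32-byte threshold, all names, all samples."""
from typing import List, NamedTuple

NOP = 0x90
MIN_SLED = 32  # assumed threshold; tune against your own traffic


class Sled(NamedTuple):
    offset: int
    length: int


def find_nop_sleds(payload: bytes, min_len: int = MIN_SLED) -> List[Sled]:
    """Return every run of 0x90 that is at least min_len bytes long."""
    sleds, run_start = [], None
    for i, b in enumerate(payload):
        if b == NOP:
            if run_start is None:
                run_start = i
        elif run_start is not None:
            if i - run_start >= min_len:
                sleds.append(Sled(run_start, i - run_start))
            run_start = None
    if run_start is not None and len(payload) - run_start >= min_len:
        sleds.append(Sled(run_start, len(payload) - run_start))
    return sleds


def verdict(payload: bytes) -> str:
    """Decide on the shared characteristic alone; no per-vulnerability signature."""
    return "block" if find_nop_sleds(payload) else "pass"


# Constructed samples. The flagged ones hold only padding and a text marker,
# no executable code.
SAMPLES = {
    "http_get": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "binary_with_few_0x90": b"\x00\x90\x90\x90\x01" * 20,
    "service_a_request": b"USER " + b"\x90" * 400 + b"<marker>\r\n",
    "service_b_request": b"\x01\x02" + b"A" * 64 + b"\x90" * 128,
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:22} {verdict(data):5} {find_nop_sleds(data)}")
```

The two flagged samples are addressed to different hypothetical services, yet the same check catches both; the verdict carries no information about which vulnerability was targeted, which is the alerting gap the reply mentions.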

