Dailydave mailing list archives

Re: How do I defend against 0day?


From: "Halvar Flake" <halvar () gmx de>
Date: 21 Apr 2009 16:23:20 +0200

Since this was a serious question, my advice regarding protection from 0day:

1) If you are a private entity with a limited downside to data loss,
don't bother protecting. Insure.
2) Everybody lives with insecure door locks. Nobody worries about 0day
against locks: Insurance will cover you.
3) If you feel like you absolutely have to protect against 0day, do:
    2.1) Minimize the amount of code running. Try to cut it to a
quantity that you can read & understand. (Good luck).
    2.2) Make sure you have something equivalent to PaX
    2.3) Avoid anything that would allow an attacker active scripting in
any way, shape, or form. No Jscript, No Flash etc.
    2.4) Contemplate recompiling the system from scratch using data
structure layout randomization
    2.5) Try to understand published attack methods to better be able to
evaluate countermeasures
    2.6) Monitor the system carefully. Log all network traffic in and
out, and try to account for any outflow.
    2.7) Avoid giving any attacker any information about applications,
OS versions etc.

If you are still getting work done at this point, I can invent more
productivity-destroying measures :)

0day protection is a bit like minimizing risk for STDs. As you add
layers of protection, you approach abstinence quickly --
e.g. reaching a state where you still carry a risk of dying but have
none of the fun.

Cheers,
Halvar
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
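
An added example, not part of the original post: one way to "account for any outflow" from logged traffic, by summing outbound bytes per destination and reporting whatever no stated policy explains. The flow-record layout, the addresses (documentation ranges), the internal range and the expected-egress list are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed sample flow log (not real traffic): time,src,dst,dport,bytes
SAMPLE_FLOWS = """\
2009-04-21T16:00:01,10.0.0.5,192.0.2.10,443,1200
2009-04-21T16:00:02,10.0.0.5,10.0.0.9,445,90000
2009-04-21T16:00:07,10.0.0.7,198.51.100.25,25,4000
2009-04-21T16:01:10,10.0.0.5,203.0.113.77,443,5200000
2009-04-21T16:01:30,192.0.2.10,10.0.0.5,51000,800
2009-04-21T16:02:00,10.0.0.5,203.0.113.77,443,4800000
"""

INTERNAL = ipaddress.ip_network("10.0.0.0/8")        # assumed internal range
# Assumed policy: every outbound flow the site can explain, as (network, port).
EXPECTED = [
    (ipaddress.ip_network("192.0.2.0/24"), 443),     # hypothetical update mirror
    (ipaddress.ip_network("198.51.100.25/32"), 25),  # hypothetical mail relay
]

def account_outflow(flow_text, internal=INTERNAL, expected=EXPECTED):
    """Return (accounted_bytes, unaccounted), where unaccounted maps
    (src, dst, dport) -> total bytes that left the internal network
    without matching any expected destination."""
    accounted = 0
    unaccounted = defaultdict(int)
    for _ts, src, dst, dport, nbytes in csv.reader(io.StringIO(flow_text)):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        # Only internal -> external flows count as outflow.
        if s not in internal or d in internal:
            continue
        if any(d in net and int(dport) == port for net, port in expected):
            accounted += int(nbytes)
        else:
            unaccounted[(src, dst, int(dport))] += int(nbytes)
    return accounted, dict(unaccounted)

if __name__ == "__main__":
    ok, unexplained = account_outflow(SAMPLE_FLOWS)
    print(f"accounted outbound bytes: {ok}")
    for (src, dst, port), total in sorted(unexplained.items(), key=lambda kv: -kv[1]):
        print(f"UNACCOUNTED {src} -> {dst}:{port} {total} bytes")
```
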

