A 0day with an automatic discovery and dissemination tool shouldn't beObservations like this once more seem to reconfirm that the bad guys are increasingly focusing on OSI layer 7 and above. While not to be ignored, simply putting up a firewall to keep unwanted traffic out, and an IDS to make sure the firewall is working well (or an IPS, if you prefer) is not sufficient.
a surprise to anyone. The fact that it's hit hundreds of thousands of
sites in less than a couple of weeks is slightly surprising, though it
mainly means that the bad guys are moving fast. Is this just the next
step in Internet security, where we have new 0day vulnerabilities
sweeping through web servers on a regular basis?
Source: Network Security Blog
While hardening systems by applying patches (operating system, as well
as all applications) and limiting servers to only provide services that
are required remains critical to limit your technical exposure,
malicious traffic traveling on legitimate channels remains effective.
what can be done? It is essential that deciding what is desired
behavior when it comes to using information is done ahead of time.
Users must be educate about proper use of information technology.
Processes that use our information must be designed in a way that they
reasonably prevent undesired use, and that they behave predictably when
they fail. We must develop an enterprise architecture that supports our
processes effectively and efficiently. We must put monitoring controls
in place to detect when (not if!) our preventative controls fail. We
must be prepared and know how to respond when those failures are
detected. Bottom line?
1. Develop and maintain information security policy
2. Design and maintain business processes
3. Develop and maintain user awareness
4. Develop and maintain an enterprise architecture that is aligned with the business processes
5. Implement a technical infrastructure based on the enterprise architecture
6. Monitor processes and infrastructure for signs of failure
7. Respond to incidents
8. Go to 1.