2 cissp ® Official Study Guide Eighth Edition

Implementing Detective and Preventive Measures 
753
Attacks exploiting the vulnerability during this time are often called zero-day exploits 
because the public does not know about the vulnerability. 
Vendor Releases Patch
Once a patch is developed and released, patched systems are no 
longer vulnerable to the exploit. However, organizations often take time to evaluate and 
test a patch before applying it, resulting in a gap between when the vendor releases the 
patch and when administrators apply it. Microsoft typically releases patches on the second 
Tuesday of every month, commonly called “Patch Tuesday.” Attackers often try to reverse-
engineer the patches to understand them, and then exploit them the next day, commonly 
called “Exploit Wednesday.” Some people refer to attacks the day after the vendor releases 
a patch as a zero-day attack. However, this usage isn’t as common. Instead, most security 
professionals consider this as an attack on an unpatched system. 
If an organization doesn’t have an effective patch management system, 
they can have systems that are vulnerable to known exploits. If an attack 
occurs weeks or months after a vendor releases a patch, this is not a zero-
day exploit. Instead, it is an attack on an unpatched system.
Methods used to protect systems against zero-day exploits include many of the basic 
preventive measures. Ensure that systems are not running unneeded services and protocols 
to reduce a system’s attack surface, enable both network-based and host-based fi rewalls to 
limit potentially malicious traffi c, and use intrusion detection and prevention systems 
to help detect and block potential attacks. Additionally, honeypots and padded cells give 
administrators an opportunity to observe attacks and may reveal an attack using a zero-
day exploit. Honeypots and padded cells are explained later in this chapter.

Download 19,3 Mb.

Do'stlaringiz bilan baham: