Security Tips: Exploit Protection

Exploits are attacks against a victim or network that take advantage of weaknesses in the software (operating system or applications) the victim or network is using. These attacks usually take the form of intrusion attempts, denial of service attacks (commonly called DoS attacks) or attempts to destroy or capture data. While it may not be possible to anticipate every method of attack an exploit may use, it is possible to define the vehicles that will probably be used for those attacks and devise a protective strategy based on that knowledge.

The two most common vehicles used today for exploits are email and web browsing. The reason for this is twofold. First, all web browsers and many email clients have powerful capabilities that can be exploited. Second, using email and web browsers to attack a network bypasses the security systems network engineers have put in place to protect the network against such attacks. While technology is being developed to protect networks from such attacks, the final responsibility for exploit protection will remain with the users.

The capabilities of web browsers and modern email clients that can be exploited are active scripting (such as JavaScript™, Visual Basic™ scripting and ActiveX™) and Java™. Any weakness in the security models for these capabilities may lead to a complete breach of operating system security. This means that the attacker will be able to take any action on the system that the victim is able to take, including creating, modifying and deleting files, running programs on the victim's machine or using other network resources that the victim has access to.

To protect yourself from email and web browser exploits:

  • NEVER OPEN EMAIL ATTACHMENTS! The only exception to this should be when you receive an attachment directly from someone you know (not forwarded) AND you are certain it is safe.
  • DON'T USE HTML EMAIL. HTML email allows exploits to operate. If you don't use HTML email, you "turn off" email exploits. You can leave HTML email on if your client allows you to turn off active content.
  • NEVER BROWSE THE WEB WITH ACTIVE CONTENT ON. Turn off Java™, JavaScript™, Visual Basic™ scripting and ActiveX™ content. (An explanation of how to do this is provided on the Intrusion Protection page.)
  • Don't let curiosity get the better of you. If you don't know what something is, the correct action is to delete it, not run it.
  • Keep your operating system up to date.
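
The first two tips can be checked mechanically before a message is opened. The Python sketch below is an added example, not part of the original page: it reports attachments and the active content named above (script, applet and object elements, inline event handlers, script URLs) in a raw message. The names `triage`, `ActiveContentFinder` and `SAMPLE` are hypothetical, and the sample message is constructed for illustration.

```python
import email.policy
from html.parser import HTMLParser

ACTIVE_TAGS = {"script", "applet", "object", "embed"}  # scripting, Java, ActiveX/plugins

class ActiveContentFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(f"<{tag}> element")
        for name, value in attrs:
            if name.startswith("on"):  # inline event handler such as onload=
                self.findings.append(f"{name}= handler on <{tag}>")
            elif value and value.strip().lower().startswith(("javascript:", "vbscript:")):
                self.findings.append(f"script URL in {name}= on <{tag}>")

def triage(raw_message):
    """Report attachments and HTML active content found in a raw email message."""
    msg = email.message_from_string(raw_message, policy=email.policy.default)
    report = {"attachments": [], "has_html": False, "active_content": []}
    for part in msg.walk():
        if part.is_attachment():
            report["attachments"].append(part.get_filename() or "(unnamed)")
        elif part.get_content_type() == "text/html":
            report["has_html"] = True
            finder = ActiveContentFinder()
            finder.feed(part.get_content())
            finder.close()
            report["active_content"].extend(finder.findings)
    return report

# Constructed sample message (not real mail): active HTML body plus one attachment.
SAMPLE = """\
Subject: Invoice
Content-Type: multipart/mixed; boundary="BOUND"

--BOUND
Content-Type: text/html; charset="utf-8"

<body onload="go()"><script>go()</script><a href="javascript:go()">open</a></body>
--BOUND
Content-Disposition: attachment; filename="invoice.zip"

placeholder
--BOUND--
"""
```

Calling `triage(SAMPLE)` returns a dictionary listing the attachment and three active-content findings; a plain-text message with no attachment returns empty lists and `has_html` set to `False`.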