Security Tips: Exploit Protection
Exploits are attacks against a victim or network using weaknesses in the software (operating system or applications) the victim or network is using. These attacks usually take the form of intrusion attempts, denial of service attacks (commonly called DoS attacks) or attempts to destroy or capture data. While it may not be possible to anticipate all the possible methods of attack an exploit may use, it is possible to define the vehicles that will probably be used for those attacks and devise a protective strategy based on that knowledge.
The two most common vehicles used today for exploits are email and web browsing. The reason for this is twofold. First, all web browsers and many email clients have powerful capabilities that can be exploited. Second, using email and web browsers to attack a network bypasses the security systems network engineers have put in place to protect the network against such attacks. While technology is being developed to protect networks from such attacks, the final responsibility for exploit protection will remain with the users.
To protect yourself from email and web browser exploits:
- NEVER OPEN EMAIL ATTACHMENTS! The only exception to this should be when you receive an attachment directly from someone you know (not forwarded) AND you are certain it is safe.
- DON'T USE HTML EMAIL. HTML email allows exploits to operate. If you don't use HTML email, you "turn off" email exploits. You can leave HTML email on, if your client allows you to turn off active content.
- Don't let curiosity get the better of you. If you don't know what something is, the correct action is to delete it, not run it.
- Keep your operating system up to date.