General Security Concepts: Attacks • Chapter 2 95
Q: How can my applications be protected against buffer overflow attacks?
A: It’s impossible to provide 100 percent protection, but a good start is making sure you are current with patches from the software vendor. Another approach for developers is to perform code reviews, looking for overlooked flaws in the code that could potentially be exploitable, and to adopt secure coding practices within a security development lifecycle.
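The kind of flaw such a code review looks for, shown beside its fix, as an added example that is not from the book: an unbounded copy of caller-supplied input into a fixed-size stack buffer, and a replacement that checks the length before writing and rejects input that does not fit. The buffer size NAME_MAX, the function names and the sample inputs are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX 16   /* fixed-size buffer used by both versions (assumed size) */

/* The pattern a code review should flag: the caller's input is copied into a
 * fixed-size stack buffer with no length check. Any input of NAME_MAX bytes or
 * more writes past the end of 'name'. Kept only for comparison with the
 * hardened version below; never call it with untrusted data. */
int store_name_unsafe(const char *input)
{
    char name[NAME_MAX];
    strcpy(name, input);          /* no bound: overflows if strlen(input) >= NAME_MAX */
    return (int)strlen(name);
}

/* Hardened replacement. The caller supplies the destination and its real size,
 * the length is checked before any byte is written, over-long input is rejected
 * (not silently truncated), and the result is always NUL-terminated.
 * Returns 0 on success, -1 on bad arguments or input that does not fit. */
int store_name_safe(const char *input, char *out, size_t out_len)
{
    if (input == NULL || out == NULL || out_len == 0)
        return -1;

    /* Look for the terminator within the first out_len bytes only, so the
     * check itself never reads further than the destination could hold. */
    const char *nul = memchr(input, '\0', out_len);
    if (nul == NULL)
        return -1;                /* input is out_len bytes or longer: would overflow */

    size_t n = (size_t)(nul - input);   /* n <= out_len - 1, so n + 1 fits */
    memcpy(out, input, n + 1);          /* copies the terminator as well */
    return 0;
}

int main(void)
{
    char buf[NAME_MAX];
    const char *ok  = "alice";                                   /* constructed input */
    const char *bad = "a name far longer than the buffer holds"; /* constructed input */

    printf("%-45s -> %d\n", ok,  store_name_safe(ok,  buf, sizeof buf));
    printf("%-45s -> %d\n", bad, store_name_safe(bad, buf, sizeof buf));
    return 0;
}
```

The hardened version follows the two habits the answer above recommends: the buffer's true size travels with the pointer, and an input that would not fit is an error the caller must handle rather than a silent write past the end of the array.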
Q: Is there any way to protect against dumpster diving?
A: Having a policy in place that requires shredding of any discarded company documents will provide a decent amount of protection against dumpster diving. Remember, any document with employee names, phone numbers, or e-mail addresses could potentially be used against you by a social engineer.
Q: What can be done to guard against the dangers of social engineering?
A: A policy forbidding the disclosure of information over the phone and e-mail is a good place to start. Warn employees that they need to be able to verify the identity of any person requesting information. Let them know that they will not be reprimanded for strictly enforcing this policy. Some employees worry that if a “boss” asks for information, they should give it immediately. Additionally, create an environment where information is obtained in appropriate ways, rather than blindly over the telephone or via e-mail.
Q: My company has a firewall; do I need to worry about worms?
A: Yes. Many users these days have laptop computers that are connected to a number of different networks. Each new network is a new vector for worm attack. Many companies stand to face outages caused by worms brought in on employee laptops. Also, some worms, viruses, and Trojans are unwittingly downloaded from seemingly harmless Web sites. Firewalls need to inspect all allowed traffic to filter out attacks carried over normally safe protocols.
Q: What’s the best way to keep on top of new security vulnerabilities, exploits, and dangers that my company faces?
A: There are a multitude of resources to keep you informed on the latest security concerns. You should subscribe to at least one (and maybe more) e-mail bulletins and security-related newsletters. Some of the most common include those from Microsoft (www.microsoft.com/security), SANS (www.sans.org),
www.syngress.com