and when the signature is available. So, how can we protect ourselves against this unknown malware? There are a multitude of methods and products that can be utilized in the defense against unknown malware. Some of the more common methods include the following:

· Utilize network-based intrusion prevention systems.
· Utilize host-based intrusion prevention software.
· Restrict administrative rights.
· Utilize products that can implement a blacklist and a whitelist. A blacklist is a list of sites that are not trusted, whereas a whitelist is a list of trusted sites.
· Disable active content, such as ActiveX.
· Utilize multiple versions of antivirus and antispyware software. What one vendor's software misses the other may detect.
· Lock down USB ports. USB drives used on other devices may contain viruses.
· Disable unneeded services. Attackers are aware of the different default services running on operating systems and can use these services as a means of infecting a system. Disabling unneeded services will reduce one's chance of being infected.

Once again, this list is only a list of some of the most common mitigation techniques.

WARNING
Intrusion prevention systems can use an anomaly-based method to detect zero-day attacks. The way this works is by placing the intrusion prevention system in what is commonly referred to as "learning mode." During learning mode the system learns what the "normal" communications are in the environment. Once moved from "learning mode" to "protect mode," the system will allow "normal" communications and prevent the anomalous traffic. This sounds good in theory; however, what the system considers "normal" communications may not be what your company considers "normal" communications: anything that did not occur while the system was learning, however legitimate, will look anomalous to it. If this is the case, a large amount of company traffic could be blocked. So, when implementing intrusion prevention systems, the results of the learning mode should be reviewed and tweaked to match the actual "normal" traffic for your environment.
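The learning-mode caveat in the WARNING above, as an added example that is not from the book: a toy anomaly-based IPS in Python that builds a baseline of (destination host, port, protocol) services from flow records during learning mode, then blocks anything outside the baseline in protect mode. The flow records, host names and the review step are constructed for illustration only; no particular product is assumed to work exactly this way.

```python
"""
Added example (not from the book): a toy anomaly-based IPS with a
"learning mode" and a "protect mode", run over constructed flow records.

It demonstrates the caveat in the WARNING sidebar: the baseline the
system learns is only as good as the traffic it happened to see while
learning, so the baseline must be reviewed before protect mode is trusted.
"""
from collections import Counter

# Constructed flow records: (src_host, dst_host, dst_port, proto).
# These stand in for what a real IPS would observe; they are not real data.
LEARNING_TRAFFIC = [
    ("ws01", "dc01", 88, "tcp"),      # Kerberos to the domain controller
    ("ws01", "dc01", 389, "tcp"),     # LDAP
    ("ws01", "fs01", 445, "tcp"),     # SMB file share
    ("ws02", "fs01", 445, "tcp"),
    ("ws02", "proxy", 8080, "tcp"),   # web via the corporate proxy
    ("ws01", "proxy", 8080, "tcp"),
    ("ws03", "dc01", 53, "udp"),      # DNS
    ("ws03", "proxy", 8080, "tcp"),
]

PROTECT_TRAFFIC = [
    ("ws01", "fs01", 445, "tcp"),            # normal, in baseline
    ("ws02", "proxy", 8080, "tcp"),          # normal
    ("ws03", "203.0.113.7", 4444, "tcp"),    # outbound to an unknown host, never seen
    ("ws02", "backup01", 10000, "tcp"),      # monthly backup job, legitimate but never learned
    ("ws01", "fs01", 22, "tcp"),             # SSH to the file server, never seen
]


def learn_baseline(flows):
    """Learning mode: record every (dst_host, dst_port, proto) tuple seen.

    Returns a Counter so the reviewer can also see how often each service
    appeared; rarely seen services are the ones worth a second look.
    """
    return Counter((dst, port, proto) for _src, dst, port, proto in flows)


def protect(flows, baseline, allowlist=frozenset()):
    """Protect mode: allow flows whose service is in the baseline or on the
    reviewed allowlist; everything else is treated as an anomaly and blocked.

    Returns (allowed, blocked) lists of flows, in input order.
    """
    allowed, blocked = [], []
    for flow in flows:
        _src, dst, port, proto = flow
        key = (dst, port, proto)
        if key in baseline or key in allowlist:
            allowed.append(flow)
        else:
            blocked.append(flow)
    return allowed, blocked


def review_baseline(baseline, known_good):
    """The review-and-tweak step the sidebar recommends: compare what was
    learned with what the business says is normal and return the services
    that must be added by hand because learning mode never saw them.
    """
    return sorted(svc for svc in known_good if svc not in baseline)


if __name__ == "__main__":
    baseline = learn_baseline(LEARNING_TRAFFIC)

    # First pass: protect mode straight out of learning mode.
    _allowed, blocked = protect(PROTECT_TRAFFIC, baseline)
    print("blocked without review:", blocked)
    # The monthly backup job is blocked alongside the two real anomalies.

    # Review: the business says backups to backup01:10000 are normal.
    known_good = {("backup01", 10000, "tcp"), ("fs01", 445, "tcp")}
    missing = review_baseline(baseline, known_good)
    print("legitimate services learning mode never saw:", missing)

    # Second pass with the reviewed allowlist: only the true anomalies are blocked.
    _allowed, blocked = protect(PROTECT_TRAFFIC, baseline, frozenset(missing))
    print("blocked after review:", blocked)
```

Run as a script, the first protect pass blocks the backup job together with the two unknown connections; only after the baseline is compared against what the business considers normal, and the missing backup service is allowlisted, does protect mode block just the two genuine anomalies. A real deployment would need a far longer and more representative learning window, but the review step is the same.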
The list above is by no means exhaustive and should not be taken that way. Implementing these techniques will reduce the chance of infection; however, it will not eliminate the possibility. Nothing can ever guarantee that one will not become infected.

Mitigating Cross-Site Scripting Attacks
XSS is a very nasty attack technique. As mentioned earlier, a good amount of the mitigation of XSS resides with the social networks. However, we are not going to leave the end user hanging out to dry. There are still some things we can do to help protect ourselves. To begin with, we need to do all of the following:

· Disable scripting when it is not required.
· Disable cookies.