What is an Exploit?

Exploits are attacks against a system that take advantage of one or more weaknesses in the system. These attacks usually take the form of intrusion attempts, denial of service attacks (commonly called DoS attacks) or attempts to destroy or capture data. It is not possible to anticipate all the methods of attack an exploit may use, but it is possible to define the likely delivery vehicles for those attacks and devise a protective strategy based on that knowledge.

The Weak Link

The two most common vehicles used today for exploits are email and web browsing. The reason for this is twofold. First, all web browsers and many email clients have powerful capabilities that can be exploited. Second, using email and web browsers to attack a network often bypasses some of the security systems designed to protect against such attacks. While technology helps to protect networks from such attacks, the ultimate responsibility for exploit protection will always rest with the users.

To protect yourself from email and web browser exploits:

• NEVER open e-mail attachments unless the attachment comes directly from someone you know (not forwarded) AND you are certain it is safe.
• AVOID the use of HTML formatting for e-mail. If you use HTML-formatted e-mail, be sure you have turned off active content in your e-mail client.
• NEVER browse the web with active content on. Turn off JAVA™, Javascript™, Visual Basic™ scripting and ActiveX™ content. (An explanation of how to do this is provided on the Intrusion Protection page.)
• DON'T let curiosity get the better of you. If you don't know what something is, the correct action is to delete it, not run it.
• KEEP your operating system up to date with patches