What could have been done differently?

Rubens Kuhl Jr. rkjnanog at ieg.com.br
Tue Jan 28 13:13:19 UTC 2003


| Many different companies were hit hard by the Slammer worm, some with
| better than average reputations for security awareness.  They bought the
| finest firewalls, they had two-factor biometric locks on their data
| centers, they installed anti-virus software, they paid for SAS70
| audits by the premier auditors, they hired the best managed security
| consulting firms.  Yet, they still were hit.

Because they hired people (staff or outsourced) that made them feel
comfortable, instead of getting the job done.

| It's not as simple as don't use Microsoft, because worms have hit other
| popular platforms too.

But this worm required external access to an internal server (SQL Servers
are not front-end ones); even with a bad or no patch management system, this
simply wouldn't happen on a properly configured network. Whoever got
slammered has more problems than just this worm. Even with no firewall or
screening router, use of RFC1918 private IP addresses on the SQL Server would
have prevented this worm attack.

| Are there practical answers that actually work in the real world with
| real users and real business needs?

Yes, the simple ones that have been known for decades:
- Minimum-privilege networks (access is blocked by default, permitted to
known and required traffic)
- Hardened systems (only needed components are left on the servers)
- Properly coded applications
- Trained personnel

There are no shortcuts.

Rubens Kuhl Jr.
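As an added illustration of the two network points made in the post above (a default-deny, minimum-privilege network, and RFC1918 addressing on the SQL Server), here is a small policy checker. It is example code written for this archive page, not code from the original post or from NANOG. The subnets, hosts and allow rules are assumptions chosen for the example; the one fact taken from outside the post is that Slammer spread over UDP port 1434, the SQL Server Resolution Service port.

```python
"""Default-deny network policy check, added as an illustration of the
"minimum-privilege network" point; not code from the original post.
Subnets, hosts and allow rules are assumptions for this example.
The only fact taken from outside the post is that Slammer spread over
UDP port 1434 (SQL Server Resolution Service)."""
import ipaddress
from dataclasses import dataclass

SLAMMER_DPORT = 1434            # UDP/1434, the port Slammer targeted
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class AllowRule:
    src_net: str
    dst_net: str
    proto: str
    dport: int

    def matches(self, f):
        return (ipaddress.ip_address(f.src) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(f.dst) in ipaddress.ip_network(self.dst_net)
                and f.proto == self.proto
                and f.dport == self.dport)


# Assumed topology: web tier on public addresses 203.0.113.0/24 (TEST-NET-3),
# app tier 10.1.0.0/24 and SQL Server tier 10.2.0.0/24 on RFC1918 space.
# Nothing reaches the SQL tier except TCP/1433 (TDS) from the app tier.
ALLOW_RULES = [
    AllowRule("0.0.0.0/0",      "203.0.113.0/24", "tcp", 80),
    AllowRule("0.0.0.0/0",      "203.0.113.0/24", "tcp", 443),
    AllowRule("203.0.113.0/24", "10.1.0.0/24",    "tcp", 8080),
    AllowRule("10.1.0.0/24",    "10.2.0.0/24",    "tcp", 1433),
]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def reachable_from_internet(dst):
    """RFC1918 destinations are not routed on the public internet, so a
    packet from outside never arrives, firewall or not (the post's point)."""
    return not is_rfc1918(dst)


def evaluate(flow, rules=ALLOW_RULES):
    """Default deny: the flow passes only if some allow rule matches it."""
    return "allow" if any(r.matches(flow) for r in rules) else "deny"


# Constructed sample flows (hypothetical addresses).
SAMPLE_FLOWS = {
    # Slammer packet from the internet straight at the SQL Server.
    "internet_to_sql_udp_1434": Flow("198.51.100.7", "10.2.0.10", "udp", SLAMMER_DPORT),
    # The same packet from an infected laptop plugged into the app tier:
    # default deny blocks it too, because only TCP/1433 is permitted.
    "laptop_to_sql_udp_1434":   Flow("10.1.0.55", "10.2.0.10", "udp", SLAMMER_DPORT),
    # Legitimate, required traffic.
    "app_to_sql_tcp_1433":      Flow("10.1.0.20", "10.2.0.10", "tcp", 1433),
    "internet_to_web_tcp_80":   Flow("198.51.100.7", "203.0.113.5", "tcp", 80),
}


def audit(flows=SAMPLE_FLOWS):
    """Returns {name: (reachable_from_internet, verdict)} for each flow."""
    return {name: (reachable_from_internet(f.dst), evaluate(f))
            for name, f in flows.items()}


if __name__ == "__main__":
    for name, (reachable, verdict) in audit().items():
        print(f"{name:28s} routable-from-internet={reachable!s:5s} policy={verdict}")
```

The two checks are deliberately independent: the RFC1918 test says whether an internet-sourced packet can arrive at all, and the rule evaluation says what a default-deny filter would do with it once inside. The laptop flow is the case the post's "properly configured network" argument hinges on: with only known, required traffic permitted, an infected host on the app tier still cannot reach UDP/1434 on the database tier.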
