Q&A: Basic security practices can ward off Slammer-like worms

When the Slammer worm hit last month, it choked large Internet service providers worldwide. Slammer exploited a vulnerability in Microsoft SQL Server and spread without the assistance of an e-mail attachment, the vehicle of choice for most worms. Instead, it used the SQL monitor port to spread to other vulnerable systems. Nearly a month later, the worm and the havoc it caused are a distant memory for some. However, according to security expert Ed Yakabovicz, the impact of a security breach such as the one posed by Slammer can be prevented, or at least limited, by following a few basic, but important, security practices.

Q: What can be done at this point to protect enterprises from being infected further?
Change the default settings and ensure that the design of the network's internal infrastructure is as protected as the external, Internet-facing devices -- hard and crunchy on the outside and on the inside.

Q: Who is to blame for the Slammer worm? Microsoft? Indifferent system administrators?
I feel Microsoft still plays a huge role in the blame, only because of the lack of security standards. To compensate for this, as I've stated in the previous question, information security practices can mitigate any of Microsoft's inherent security issues.

Q: Do you expect more worms like this to attack the Web?
Yes. As a standard malicious code practice, this is an easy worm to write.

Q: How has the Slammer worm affected the way we store and manage data?
The latest event has again brought to the forefront of computer technology the fact that information security practices and standards are important to all parts of a network domain. The inside of the network should be as hardened as the outside.

Q: What advice can you give users who want to be proactive against these types of attacks?
Utilize information security professionals to review and recommend best practices for all computer devices in the internal and external networks. Do not depend on systems administrators to provide security. Test, test and still test some more using scanning tools, virus checkers and other automated tools to find the risk and correct any external and internal vulnerabilities. Finally, fix those vulnerabilities in an expedited manner with the support of upper management (who should understand the consequences, such as Slammer) for doing so. Too many times I still get asked why we need to lock down devices inside the network, such as SQL devices, and too many times the answer is provided by bad practices and the arrival of malicious code such as Slammer.

FOR MORE INFORMATION:

SQL worm slows Internet; some root DNS servers down

Assigning blame for Slammer misguided

Slammer worm threat to remote storage

Q: What should have been done but wasn't, in the case of Slammer?
Basic information security practices of changing the default port setting on any vendor-provided software. As an easy information security practice, some folks just don't get it. Changing all defaults for software is the first step to [defeating] malicious code such as Slammer. This includes ports, user IDs and any other setting that is so easy [to] change.