Interview

Q&A: Basic security practices can ward off Slammer-like worms

Maryann Tripp, Assistant Site Editor
Q: What can be done at this point to protect enterprises from being infected further?
Change the default settings and ensure that the design of the network's internal infrastructure is as protected as the external, Internet-facing devices -- hard and crunchy on the outside and on the inside.

Q: Who is to blame for the Slammer worm? Microsoft? Indifferent system administrators?
I feel Microsoft still plays a huge role in the blame, only because of the lack of security standards. To compensate for this, as I've stated in the previous question, information security practices can mitigate any of Microsoft's inherent security issues.

Q: Do you expect more worms like this to attack the Web?
Yes. As a standard malicious code practice, this is an easy worm to write.

Q: How has the Slammer worm affected the way we store and manage data?
The latest event has again brought to the forefront of computer technology the fact that information security practices and standards are important to all parts of a network domain. The inside of the network should be as hardened as the outside.

Q: What advice can you give users who want to be proactive against these types of attacks?
Utilize information security professionals to review and recommend best practices for all computer devices in the internal and external networks. Do not depend on systems administrators to provide security. Test, test and still test some more using scanning tools, virus checkers and other automated tools to find the risk and correct any external and internal vulnerabilities. Finally, fix those vulnerabilities in an expedited manner with the support of upper management (who should understand the consequences, such as Slammer) for doing so. Too many times I still get asked why we need to lock down devices inside the network, such as SQL devices, and too many times the answer is provided by bad practices and the arrival of malicious code such as Slammer.

Q: What should have been done but wasn't, in the case of Slammer?
Basic information security practices of changing the default port setting on any vendor-provided software. As an easy information security practice, some folks just don't get it. Changing all defaults for software is the first step to [defeating] malicious code such as Slammer. This includes ports, user IDs and any other setting that is so easy [to] change.
