Captus Networks Offers Immediate Denial of Service 'DoS' Prevention Tips in Face of New Code Red Outbreak.Business Editors/High-Tech Writers WOODLAND, Calif.--(BUSINESS WIRE)--Aug. 21, 2001 Salutes New McAfee (McAfee, Inc., Santa Clara, CA, www.mcafee.com) A leading provider of intrusion prevention software. In 1997, McAfee Associates and Network General merged to become Network Associates. Patch, but Concerned New DoS Initiative Won't won't Contraction of will not. won't will not won't will Stop Problem Today; Fears Businesses Will Be Lulled into Thinking New Solution is at Hand
WHAT: For companies suffering from the Code Red worm's latest round
of attacks begun this week -- or concerned that they might --
Captus Networks, an integrated security provider, offers
advice that can be employed today to mitigate against
increasingly more difficult and more complex denial of service
(DoS) attacks. The Microsoft and McAfee patches can stop the
latest version of the Code Red worm from getting into a
company's systems, but they won't be effective as the worm
takes new forms, and they can't stop infected systems from
becoming the source of DoS attacks. It is estimated that
hundreds of thousands of Microsoft IIS servers have not been
patched or still have backdoors open that allow them to be
enlisted in a DoS attack. Captus offers the only means on the
market today by which attacks can be automatically and
dynamically halted in less than one second, whether they
originate from outside or inside a network.
As a result, Captus lauds McAfee, a division of Network
Associates (Nasdaq:NETA), for its reaction to the Code Red
worm and advises businesses to immediately update their virus
protection software with the new patch. But, Captus president
and CEO, Richard Helgeson, is concerned that McAfee's new DoS
initiative with Arbor Networks, Asta Networks and Mazu
Networks might give businesses a false sense of security.
Helgeson believes the McAfee worm patch plus the Captus inline
technology provides the only complete solution to detect and
stop the Code Red worm effectively.
The biggest single problem with offline notification
technology is that it only acts forensically, alerting systems
administrators that there is a problem, notes Helgeson. While
humans then try to figure out manual solutions to stop a DoS
attack, minutes or hours will have passed, allowing
significant and often irreversible damage to occur.
According to Helgeson, "the truth is, you don't get a few
hours to mitigate a DoS attack. According to a recent study by
the University of California, San Diego, more than 80 percent
of attacks last under 30 minutes. By then, damage from the
attack has already been done, resulting in a potential loss of
customers, future sales and millions of dollars to businesses
worldwide."
WHO: Richard G. Helgeson, president and CEO, Captus Networks, and a
security expert and 27-year system and network industry
veteran, can further comment on:
-- Why the new McAfee initiative, and the majority of DoS
attack solutions today, are steps in the right direction
but don't solve today's security threats.
-- How businesses can protect themselves from DoS attacks,
Code Red and other such threats, like:
-- Ensure IT staff has adequate security training -
amazingly, thousands of systems are still not
protected from Code Red and other such attacks
resulting from poor training.
-- Ensure all servers are updated with recommended
systems and security patches. CERT can trace almost
every common DoS attack to improperly maintained
systems -- even with the heightened awareness of Code
Red, and it's more disturbing sister, Code Red II.
|
|
Printer friendly
Cite/link
Email
Feedback
Reader Opinion