Slammer worm exploits risk management lapses. (Risk Reporter).
In South Korea, the world's most wired country, Slammer nearly cut off all Web access. The U.S. State, Agriculture, Commerce and Defense departments were hit hard. On a local level, cities' 911 call centers were shut off. Customers of the Bank of America and the Canadian Imperial Bank of Commerce were unable to withdraw money from ATMs. News services such as the Associated Press, the Philadelphia Inquirer and the Atlanta Journal-Constitution suffered varying degrees of disruption. American Express customers were prevented from reaching the company's Web site. Microsoft customers could not access the software giant's Web site to unlock antipiracy features of recent products Windows XP and Office XP. Continental Airlines experienced disruptions at some of its terminals in Texas and Ohio.
By the time Slammer ran its course, the worm had caused more damage than many experts had believed was possible from such an attack. Like its infamous predecessor, Code Red--the worm that infected computers worldwide and launched a denial-of-service attack against the White House last summer--Slammer was a potential taste of things to come, warned Richard Clarke, President Bush's top cybersecurity adviser. When Clarke announced his retirement from the position a few days after the Slammer attack (for reasons unrelated to the worm incident), he warned that Slammer was a very simple and easily written worm, and that future attacks using more advanced programs could cause devastating amounts of damage, especially to systems with known vulnerabilities. This came as unwelcome, if unsurprising, news to corporate-level system administrators tasked with maintaining their company's server capacity and integrity.
Many experts have since blamed Microsoft for Slammer's effects, since the company is infamous for releasing software that can be exploited by malicious code. But a week before Slammer struck, Microsoft released a patch for SQL Server 2000 that would have protected computers from the worm. Many system administrators, however, never installed the patch. Was Slammer a preventable problem?
"It is not fair to conclude that this is a result of people's failure to patch," says Aaron Latto, e-commerce underwriting director of the St. Paul Companies global technologies unit. He explains that patching servers is potentially difficult and time-consuming work, especially because servers are a dynamic environment, often running multiple patches on multiple programs. Until it is installed, there is no telling what nasty side effects a patch might impart to the machine it is supposed to protect. And even if a patch is successfully installed and runs smoothly, Latto says, it still takes a lot of time and energy from a company's IT department. Most firms simply do not have the IT resources to keep their systems up to date, so patching becomes a minor priority or is discarded altogether.
Making matters worse is the legacy factor, Latto says. It is one thing for Microsoft to introduce a patch for its most current software, but there are many layers of older machines and older code. For these computers, software manufacturers have no solutions to offer.
Symantec, a provider of anti-virus software, suggests that all users and administrators adhere to a basic set of best practices to protect against viral or worm attacks. In addition to keeping patch levels up to date (especially on computers that host public services and are accessible through a firewall), these include:
* Turning off and removing unneeded services, such as FTP, Telnet and Web servers, since these are common avenues of attack.
* Enforcing a password policy, both to make machines more difficult to break into and to help prevent or limit damage done to compromised machines.
* Configuring e-mail servers to block or remove e-mail containing attached programs or unfamiliar files, which are often used as viral hosts. Also, training employees not to open e-mail attachments unless they are from a trusted source.
* Isolating infected computers quickly, and performing forensic analysis to restore the machines.
Date: Apr 1, 2003