nanog mailing list archives
Re: What could have been done differently?
From: "Rubens Kuhl Jr." <rkjnanog () ieg com br>
Date: Tue, 28 Jan 2003 11:13:19 -0200
| Many different companies were hit hard by the Slammer worm, some with
| better than average reputations for security awareness. They bought
| finest firewalls, they had two-factor biometric locks on their data
| centers, they installed anti-virus software, they paid for SAS70
| audits by the premier auditors, they hired the best managed security
| consulting firms. Yet, they still were hit.

Because they hired people (staff or outsourced) that made them feel comfortable, instead of getting the job done.

| It's not as simple as don't use Microsoft, because worms have hit other
| popular platforms too.

But this worm required external access to an internal server (SQL Servers are not front-end ones); even with a bad or no patch management system, this simply wouldn't happen on a properly configured network. Whoever got slammered has more problems than just this worm. Even with no firewall or screening router, use of an RFC1918 private IP address on the SQL Server would have prevented this worm attack.

| Are there practical answers that actually work in the real world with
| real users and real business needs?

Yes, the simple ones that have been known for decades:

- Minimum-privilege networks (access is blocked by default, permitted to known and required traffic)
- Hardened systems (only needed components are left on the servers)
- Properly coded applications
- Trained personnel

There are no shortcuts.

Rubens Kuhl Jr.
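The two network points in the post (a default-deny policy that only permits known, required traffic, and an SQL Server on an RFC1918 address being unreachable from the Internet even without a firewall) can be modelled in a few lines. The following is an added example written for this archive page, not code from the post or from NANOG; the three tiers, their address ranges (RFC 5737 documentation space stands in for "the Internet") and the sample flows are all constructed. The one fact added beyond the post is that Slammer spread as a single UDP datagram to the SQL Server resolution service on port 1434.

```python
# Added example: a minimal model of a default-deny ("minimum-privilege") network
# policy plus the RFC1918 reachability check the post describes. Not from the
# original post; all addresses, tiers and flows are constructed for illustration.
from dataclasses import dataclass
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network
from typing import List, Optional, Tuple

# RFC1918 ranges spelled out explicitly (ipaddress.is_private also covers
# documentation ranges, which we want to treat as public here).
RFC1918 = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]


@dataclass(frozen=True)
class Flow:
    proto: str            # "tcp" or "udp"
    src: IPv4Address
    dst: IPv4Address
    dport: int


@dataclass(frozen=True)
class Rule:
    proto: str
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]  # None matches any destination port

    def matches(self, f: Flow) -> bool:
        return (self.proto == f.proto and f.src in self.src and f.dst in self.dst
                and (self.dport is None or self.dport == f.dport))


ANY = ip_network("0.0.0.0/0")
DMZ = ip_network("203.0.113.0/24")  # constructed: public web front-end tier
APP = ip_network("10.1.0.0/24")     # constructed: application tier (RFC1918)
DB = ip_network("10.2.0.0/24")      # constructed: SQL Server tier (RFC1918)

# The whole policy is a permit list; anything not listed is dropped, in both
# directions, so an infected host cannot scan outward either.
PERMIT: List[Rule] = [
    Rule("tcp", ANY, DMZ, 80),    # Internet -> web front-ends
    Rule("tcp", ANY, DMZ, 443),
    Rule("tcp", DMZ, APP, 8080),  # front-ends -> application tier
    Rule("tcp", APP, DB, 1433),   # application tier -> SQL Server, TCP only
]


def is_rfc1918(addr: IPv4Address) -> bool:
    return any(addr in net for net in RFC1918)


def decide(f: Flow, rules: List[Rule] = PERMIT) -> str:
    """First matching permit wins; no match means deny (the default)."""
    for r in rules:
        if r.matches(f):
            return "permit"
    return "deny"


def internet_reachable(f: Flow) -> bool:
    """The post's second point: with no firewall at all, a packet from a public
    source still has no route to an RFC1918 destination across the Internet."""
    return not (is_rfc1918(f.dst) and not is_rfc1918(f.src))


def exposed_services(rules: List[Rule] = PERMIT) -> List[Tuple[str, str, Optional[int]]]:
    """Audit view: which (destination, proto, port) combinations the Internet can reach."""
    return [(str(r.dst), r.proto, r.dport) for r in rules if r.src == ANY]


# Constructed sample flows. Slammer propagated as one UDP datagram to the SQL
# Server resolution service on port 1434 (a fact added here, not in the post).
SAMPLE_FLOWS = {
    "slammer_inbound": Flow("udp", ip_address("192.0.2.7"), ip_address("10.2.0.5"), 1434),
    "app_to_db": Flow("tcp", ip_address("10.1.0.20"), ip_address("10.2.0.5"), 1433),
    "web_from_internet": Flow("tcp", ip_address("192.0.2.7"), ip_address("203.0.113.10"), 80),
    "slammer_outbound": Flow("udp", ip_address("10.2.0.5"), ip_address("192.0.2.7"), 1434),
}

if __name__ == "__main__":
    for name, f in SAMPLE_FLOWS.items():
        print(f"{name:18} policy={decide(f):6} internet_route={internet_reachable(f)}")
    print("exposed to Internet:", exposed_services())
```

Run stand-alone it shows the inbound 1434 datagram denied by policy and, independently, unroutable because the server sits in 10/8; the only thing `exposed_services()` lists is the web tier on 80/443. The outbound 1434 flow from the database host is also denied, which is the egress half of "blocked by default" that stops a compromised server from becoming a scanner.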