 Press Release
NewsNow talks about the 'slammer' worm
February 3rd 2003
NewsNow's IT Manager Adam Newby recently took questions from
journalists about the infamous 'slammer' worm virus.
Q: How has the slammer worm caught so many organisations off
guard?
AN: It seems that many organisations have failed to take security
issues seriously, and to act in a pro-active as well as a
reactive fashion with respect to security. They need to
react to security
issues as they arise by applying patches quickly (which most of them seem to have
failed to do) and also in a pro-active fashion by setting up their
networks so that it's harder for worms like this to spread.
Q: What action should firms take to protect against these types
of worm?
- Large corporations can divide up their networks into segments and place
firewalls between them. This means that worms like this can be
contained within one segment of a network.
- Operate a more strict security policy, whereby only machines that
need to have access to services like SQL Server can actually get to
that service. In order for a worm like this to spread from one network
to
another, it needs a machine/network configured so that SQL Server can be
accessed from a 'foreign' network.
- They should apply security patches as soon as possible, and implement
a procedure for getting alerted to security issues with software they
use as soon as possible after they are identified. NewsNow uses its
own news
scanning technology to get alerted to security issues soon after they
are announced. (For example, see our Encryption/Security
newsfeed.
- They could consider switching over to open source technology. It's
argued that open source software is inherently more secure because:
- it's subject to scrutiny from an army of developers across the web
- if you've got the resources and know-how, you can look for security
flaws yourself and fix them
- there's no public-relations issue in admitting security flaws.
Commercial organisations might be reluctant to admit loudly to security
flaws for fear of damage to their business.
Q: What part should ISPs/Microsoft play in offering
protection?
AN: ISPs need to change their attitude to security. At NewsNow we use
Linux systems to run our live services, so there was no possibility of
our servers being infected by this particular worm. However, other
customers of our ISP were, and the network traffic generated by their
(un-patched) servers affected our service.
Currently, most ISPs operate a policy that customers can install any
software they want onto machines connected to their network, and get
unrestricted access to the Internet. Couple this with the fact that many
ISPs supply 'burstable' services which allow customers to consume
all
of the available network bandwidth, and you've got a situation which
allows worms like SQL Slammer to easily take down large parts of the
Internet by saturating them with traffic.
Instead, ISPs could firewall their customers, and always apply bandwidth
throttling to lessen the impact when a customer does get infected by a
worm.
Q: According to a poll by anti-virus firm Sophos about two-thirds of
business PC users hold the company's IT team responsible for the spread
of slammer. Is it fair to blame one group?
AN: Microsoft are developing a reputation for a lax attitude to
security. There is insufficient attention paid in the mainstream press
to the fact that many problems such as SQL Slammer, and email viruses,
are made possible because of fundamental security flaws in Microsoft
software.
That said, the patch to SQL Server that prevents this worm from
spreading has been available since last July. Even if network
administrators were worried about potential instability to their systems
caused by installing
the patch, they've had six months to test it!
Those seeking more information on slammer may wish to visit our slammer
worm newsfeed.
Contact Details
February 3rd 2003, NewsNow Publishing Limited, London England
Background Information
NewsNow is Europe's pioneering Internet news cuttings agency and supplier of tailored,
aggregated newsfeeds.
NewsNow's customers hail from the world's PR, marketing, communications
and web design departments of SME, national and
multinational businesses and charitable organisations.
These organisations use NewsNow to gather and monitor news relevant to their company,
clients, competitors, market industry and sector. Their news feeds may be delivered to their inbox, to
their intranet or extranet or alternatively to NewsNow's secure web archive interface.
NewsNow is one of only a few companies able to offer this kind
of online monitoring. Its customers include Exxon, Rolls-Royce, AMD and Sony Computer Entertainment.
NewsNow Key Points
- Searches over 31,000+ sources in real time
- Monitors news in over 141 countries and 20 languages
- Searches most leading international, national and regional newspapers;
consumer, trade and technical titles; government press pages; press
releases; blogs, webzines, newsletters and leading underground and
alternative publications
- Offers sophisticated positional and proximity matching - the ability to
specify keywords and phrases and the relationships between them
- No expertise necessary - professional staff take care of your changing
needs
- Sources added or removed on request
- 30 day news archive
- No per-article charges
- Fixed monthly fees
- Delivery by email alert, via secure web archive interface or to
any intranet or website
NewsNow History
NewsNow was founded in 1997. It began as a news aggregation website
(www.NewsNow.co.uk) that fast became the UK's leading news portal.
Today the portal features over 2300 topics and attracts
76 million page impressions monthly.
In 1998 NewsNow began delivering tailored news feeds to customers'
websites.
In 2001, the addition of a sophisticated custom
search engine capable of full-text search enabled NewsNow to deliver
high-quality but cost-effective tailored press cuttings solutions to PR,
marketing and communications professionals of SME, national and
multinational businesses and charitable organisations.
|
