NewsNow talks about the 'slammer' worm
NewsNow's IT Manager Adam Newby recently took questions from journalists about the infamous 'slammer' worm virus.
Q: How has the slammer worm caught so many organisations off guard?
AN: It seems that many organisations have failed to take security issues seriously, and to act in a pro-active as well as a reactive fashion with respect to security. They need to react to security issues as they arise by applying patches quickly (which most of them seem to have failed to do) and also in a pro-active fashion by setting up their networks so that it's harder for worms like this to spread.
Q: What action should firms take to protect against these types of worm?
- Large corporations can divide up their networks into segments and place firewalls between them. This means that worms like this can be contained within one segment of a network.
- Operate a more strict security policy, whereby only machines that need to have access to services like SQL Server can actually get to that service. In order for a worm like this to spread from one network to another, it needs a machine/network configured so that SQL Server can be accessed from a 'foreign' network.
- They should apply security patches as soon as possible, and implement a procedure for getting alerted to security issues with software they use as soon as possible after they are identified. NewsNow uses its own news scanning technology to get alerted to security issues soon after they are announced. (For example, see our Encryption/Security newsfeed.
- They could consider switching over to open source technology. It's
argued that open source software is inherently more secure because:
- it's subject to scrutiny from an army of developers across the web
- if you've got the resources and know-how, you can look for security flaws yourself and fix them
- there's no public-relations issue in admitting security flaws. Commercial organisations might be reluctant to admit loudly to security flaws for fear of damage to their business.
Q: What part should ISPs/Microsoft play in offering protection?
AN: ISPs need to change their attitude to security. At NewsNow we use Linux systems to run our live services, so there was no possibility of our servers being infected by this particular worm. However, other customers of our ISP were, and the network traffic generated by their (un-patched) servers affected our service.
Currently, most ISPs operate a policy that customers can install any software they want onto machines connected to their network, and get unrestricted access to the Internet. Couple this with the fact that many ISPs supply 'burstable' services which allow customers to consume all of the available network bandwidth, and you've got a situation which allows worms like SQL Slammer to easily take down large parts of the Internet by saturating them with traffic.
Instead, ISPs could firewall their customers, and always apply bandwidth throttling to lessen the impact when a customer does get infected by a worm.
Q: According to a poll by anti-virus firm Sophos about two-thirds of business PC users hold the company's IT team responsible for the spread of slammer. Is it fair to blame one group?
AN: Microsoft are developing a reputation for a lax attitude to security. There is insufficient attention paid in the mainstream press to the fact that many problems such as SQL Slammer, and email viruses, are made possible because of fundamental security flaws in Microsoft software.
That said, the patch to SQL Server that prevents this worm from spreading has been available since last July. Even if network administrators were worried about potential instability to their systems caused by installing the patch, they've had six months to test it!
Those seeking more information on slammer may wish to visit our slammer worm newsfeed.
Background Information
NewsNow is Europe's pioneering Internet news monitoring agency and supplier of tailored, aggregated newsfeeds.
NewsNow's customers hail from the world's PR, marketing, communications and web design departments of SME, national and multinational businesses and charitable organisations.
These organisations use NewsNow to gather and monitor news relevant to their company, clients, competitors, market industry and sector. Their news feeds may be delivered to their inbox, to their intranet or extranet or alternatively to NewsNow's secure web archive interface.
NewsNow is one of only a few companies able to offer this kind of online monitoring. Its customers include Exxon, Rolls-Royce, AMD and Sony Computer Entertainment.
NewsNow Key Points
- Searches over 43,000+ sources in real time
- Monitors news in over 146 countries and 20 languages
- Searches most leading international, national and regional newspapers; consumer, trade and technical titles; government press pages; press releases; blogs, webzines, newsletters and leading underground and alternative publications
- Offers sophisticated positional and proximity matching - the ability to specify keywords and phrases and the relationships between them
- No expertise necessary - professional staff take care of your changing needs
- Sources added or removed on request
- 30 day news archive
- No per-article charges
- Fixed monthly fees
- Delivery by email alert, via secure web archive interface or to any intranet or website
NewsNow History
NewsNow was founded in 1997. It began as a news aggregation website (www.NewsNow.co.uk) that fast became the UK's leading news portal. Today the portal features over 3300 topics and attracts 215 million page impressions monthly.
In 1998 NewsNow began delivering tailored news feeds to customers' websites.
In 2001, the addition of a sophisticated custom search engine capable of full-text search enabled NewsNow to deliver high-quality but cost-effective tailored Internet news monitoring solutions to PR, marketing and communications professionals of SME, national and multinational businesses and charitable organisations.