Viruses, Worms, and Exploits

We are all too familiar with these three words, after all that has happened this past month. If anything, it has once again shown the importance of being current with one’s network security and patch management.
The first wave of attacks came via the Blaster worm, which took advantage of those Microsoft customers who had not patched a known vulnerability. Following closely on its heels were Sobig, Nacha, and Welchia. These were viruses and worms that demonstrated the importance of perimeter security and current virus definitions.
It has been said that the only secure computer is the one still in the box it came in. While there definitely is risk in having a computer connected to a network, there are many resources available to mitigate that risk.
Microsoft offers a free security notification service: the same bulletins that those in the security industry receive. You need a Microsoft Passport account to receive them, but you can set up a Hotmail e-mail address for it. Sign up for this service by visiting http://register.microsoft.com/regsys/pic.asp
It is suggested that all administrators ensure that the virus definitions on their servers, as well as on their workstations, are current.
Lastly, a well-configured firewall is very important. The impact of several recent attacks could have been greatly reduced by blocking certain ports at the perimeter. At the very least, this affords administrators a bit more time to attempt to get Windows patches and virus definitions up to date. I would be remiss if I did not mention the importance of reviewing the firewall logs. Many administrators have excellent policies in place, but never bother to examine the firewall logs. Doing so can alert you to possible methods of attack as well as potential security breaches.
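As an illustration of the log review described above, here is an added example (not part of the original article) that summarizes denied traffic two ways: which ports outsiders are probing, and which internal hosts are being blocked while reaching out to many different external addresses. The log layout, the sample lines, the 10.0.0.0/8 internal range and the threshold are all assumptions; adapt the parser to whatever your firewall actually exports.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample lines; this field layout is an assumption, not a real product's format:
# date time action protocol src_ip src_port dst_ip dst_port
SAMPLE_LOG = """\
2003-08-12 09:14:02 DENY TCP 203.0.113.7 4101 10.0.0.5 135
2003-08-12 09:14:03 DENY TCP 203.0.113.7 4102 10.0.0.6 135
2003-08-12 09:14:05 DENY TCP 198.51.100.20 3310 10.0.0.5 135
2003-08-12 09:15:40 ALLOW TCP 10.0.0.21 1044 192.0.2.80 80
2003-08-12 09:16:01 DENY TCP 10.0.0.44 1201 192.0.2.10 135
2003-08-12 09:16:01 DENY TCP 10.0.0.44 1202 192.0.2.11 135
2003-08-12 09:16:02 DENY TCP 10.0.0.44 1203 192.0.2.12 135
2003-08-12 09:16:09 DENY UDP 203.0.113.9 1500 10.0.0.5 69
garbled line that should be skipped
"""
INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumed internal address range

def parse(line):
    """Return a dict for a well-formed line, or None for anything else."""
    parts = line.split()
    if len(parts) != 8:
        return None
    _date, _time, action, proto, src, _sport, dst, dport = parts
    try:
        return {"action": action.upper(), "proto": proto.upper(),
                "src": ipaddress.ip_address(src),
                "dst": ipaddress.ip_address(dst), "dport": int(dport)}
    except ValueError:  # bad IP address or non-numeric port
        return None

def review(log_text, fanout_threshold=3):
    """Summarize DENY entries: probed ports, and internal hosts that fan out."""
    inbound_ports = Counter()            # (proto, dport) -> denied inbound hits
    outbound_targets = defaultdict(set)  # internal src -> distinct denied destinations
    skipped = 0                          # malformed or blank lines
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            skipped += 1
            continue
        if rec["action"] != "DENY":
            continue
        src_in, dst_in = rec["src"] in INTERNAL, rec["dst"] in INTERNAL
        if dst_in and not src_in:        # outside probing in: method of attack
            inbound_ports[(rec["proto"], rec["dport"])] += 1
        elif src_in and not dst_in:      # inside blocked going out: possible infection
            outbound_targets[rec["src"]].add(rec["dst"])
    suspects = sorted(str(h) for h, d in outbound_targets.items() if len(d) >= fanout_threshold)
    return inbound_ports.most_common(), suspects, skipped
print(review(SAMPLE_LOG))
```

The first list shows where to confirm that perimeter blocks and patches are in place; any host in the second list should be checked for infection.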
_____________________________
The importance of staying current with Microsoft patches has always been an issue. The following technologies will assist you:
1. Windows Update –
http://v4.windowsupdate.microsoft.com/en/default.asp
2. Software Update Services (SUS) –
http://www.microsoft.com/windows2000/windowsupdate/sus/default.asp
3. Systems Management Server (SMS) –
http://www.microsoft.com/smserver/evaluation/datasheets/PatchDeploy.asp
4. Use a .vbs file to script the install on Windows NT, 2000, XP or 2003 –
http://support.microsoft.com/default.aspx?kbid=827227
5. Active Directory and Group Policy –
http://support.microsoft.com/default.aspx?scid=kb;en-us;314934
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/msi/setup/windows_installer_start_page.asp
6. Logon script

________________________________________________
Dan Barker is a systems engineer for Inacom Information Systems and can be reached at dan.barker@inacom-msn.com.