Re: Oh, here's an interesting paper.....
From: Jerry Leslie (LESLIE@JRLVAX.HOUSTON.RR.COM) Date: 05/27/02
- Next message: James Knott: "Re: Oh, here's an interesting paper....."
- Previous message: svek: "Re: Oh, here's an interesting paper....."
- In reply to: Brian: "Re: Oh, here's an interesting paper....."
- Next in thread: James Knott: "Re: Oh, here's an interesting paper....."
- Reply: James Knott: "Re: Oh, here's an interesting paper....."
- Reply: Brian: "Re: Oh, here's an interesting paper....."
From: LESLIE@JRLVAX.HOUSTON.RR.COM (Jerry Leslie) Date: Mon, 27 May 2002 16:02:06 GMT
Brian (Witch*Dr@usa.nojunkemail.net.ru) wrote:
:
: "dnb" <dnb@comcastt.net> wrote in message
: news:RfqI8.36695$gk.3437674@bin2.nnrp.aus1.giganews.com...
: > That's not fair (to put all blame on the person running the system).
: > Orchestrating, monitoring and maintaining all the patches and settings and
: > such is a full time job. This is a luxury the small to medium company may
: > not be able to afford.
:
: If they can't afford it, they need to get out of the business. Patch
: maintenance is difficult but once you keep up with it, it's not all that
: difficult. The problem is that most businesses put project completion and
: uptime ahead of critical patching. It's amazing how many machines are out
: there that have never been patched. Companies need to factor in time for
: patching and tweaking as a cost of operation. Unfortunately a lot of
: businesses figure an IIS server is a snap to install and once it's up and
: running will require little maintenance. That is far from the case. It's
: laughable how businesses get crunched by hacks that have been out for years
: and then blame Microsoft. How many businesses lost a lot of time due to
: Klez? A properly patched Outlook and an up to date A/V killed Klez.....ahhh
: but it was too much of a pain in the ass to patch Outlook.
:
:
Anyone still running IIS should read this article:
http://www3.gartner.com/DisplayDocument?doc_cd=101034
Nimda Worm Shows You Can't Always Patch Fast Enough
"...Gartner recommends that enterprises hit by both Code Red and Nimda
immediately investigate alternatives to IIS, including moving Web
applications to Web server software from other vendors, such as
iPlanet and Apache. Although these Web servers have required some
security patches, they have much better security records than IIS and
are not under active attack by the vast number of virus and worm
writers. Gartner remains concerned that viruses and worms will
continue to attack IIS until Microsoft has released a completely
rewritten, thoroughly and publicly tested, new release of IIS..."
Microsoft's Windows Update site, windowsupdate.microsoft.com, was defaced
by Code Red several months after Microsoft had released the patch:
http://www.vnunet.com/News/1124134
vnunet.com Code Red plague on the rampage
Code Red plague on the rampage
By James Middleton [20-07-2001]
"Code Red is spreading like wildfire and is attacking more than just
the server.
The Code Red worm, which began its trail of destruction earlier this
week, is spreading fast and this morning defaced Microsoft's Windows
update site.
The knock-on effects from this fast-spreading IIS server worm are
causing more problems to network kit because it attacks anything that
uses HTTP, including Linux servers and printers.
Earlier this morning [Friday], windowsupdate.microsoft.com was defaced
with the worm's characteristic statement: "Hello! Welcome to
http://www.worm.com! Hacked by Chinese!"
Microsoft has since fixed the hack, but suffered the embarrassment of
revealing that it did not update its own servers with the latest
security patches.
The Code Red worm exploits a known buffer overflow vulnerability in
the ISAPI extension in the Index Server of Windows 2000 and XP beta,
for which Microsoft released a patch in June.
Paul Rogers, network security analyst at MIS, suggested that if the
Windows update server had been open to this vulnerability for a month
now, "who's to say someone didn't break in without doing anything so
obvious as defacing the site, and Trojan some of the Windows update
files."
He said that knock-on effects from the worm, which is programmed to
break into Port 80 and deface a site, were causing other network
problems..."
There are several reasons why systems are not patched:

o Microsoft Service Packs have a history of always breaking something:
  - NT 4.0 SP6 broke Lotus Notes
  - NT 4.0 SP6A broke Lexmark Printer support

o The system administrators have been laid off. In most organizations,
  server support is an overhead activity; i.e., not directly billable
  to clients. So when it's time to cut staff, people in "overhead"
  jobs tend to be cut first.

o The system administrators are swamped because of under-staffing.
  Some of the PHBs may think that the systems can run themselves,
  like their legacy systems did (e.g. MVS, OpenVMS).

o The system administrators are terrified of installing Service Packs
  and hot fixes, for fear of breaking something. Imagine a sysadmin
  of a site that has Lexmark printers after installing NT 4.0 SP6A,
  when the managers can't print anything.

--Jerry Leslie leslie@clio.rice.edu (my opinions are strictly my own)
Note: leslie@jrlvax.houston.rr.com is invalid for email