Well, for one, they shouldn't have even picked M$ products in the first place. With all the publicity and hoopla of all the M$ exploits out there, it is evident that perhaps people should re-consider even issuing M$ products.

We switched over to Apache and OpenBSD servers 2 years ago, and we've never had any problems. Sure, OpenBSD just experiencd some nasty exploits last summer, but within days they were patched and secure again.

When Companies start scrimping on security costs, they are shooting themselves in the foot. IT Security is like insurance. Sure, it is not desirable to have to spend money on it, but that comes with the cost of doing business. When companies start getting scrimpy with costs and don't hire the proper talant (and I can attest there is a glut of qualified people out there), then this problem is going to persist.

Then, lets not forget the ISP's. They are ALSO part of the problem instead of being part of the solution.

The fact that the slammer spread so fast, had to do with the extreme bureaucracy of how they operate. Again, it's a matter of cost, and ISP's are alswo guilty of being part of the problem.

There are many products out there ISP's can use to stop these kinds of attacks. They just don't have the training or know-how to use them.

I remain...
A security professional on the "Front lines" of this war

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/139/18060#18060