Lessons From the Slammer
Richard Forno, 2003-02-05

January's Slammer infection held valuable lessons for all security stakeholders.

Lessons From the Slammer 2003-02-06
Villy.Madsen@Shaw.ca (1 replies)
Lessons From the Slammer 2003-02-10
Matt Ostiguy
Lesson Number Four 2003-02-08
Nicholas Weaver (1 replies)
Lesson Number Four 2003-02-11
Villy.Madsen@shaw.ca
My point exactly..

Misconfigured firewalls & poor security architectures...

Defense in depth means exactly that - You do the best you can with the resources you have available at each point.


A good architecture (network, security, server etc)
Boundary Routers
Firewalls
Hardened systems (patches up to date, unneeded services turned off)

In this particular case, the shortcoming in SQL Server cannot even be considered as the last line of defense, since the patch for it was 6 months old.

I am not particularly fond of MS, but I seriously wonder if this is not a case of trying to shift the blame....

Villy




Link to this comment: http://www.securityfocus.com/comments/columns/140/18093#18093
Lessons From the Slammer 2003-02-10
Anonymous







 

Copyright 2009, SecurityFocus