I agree with the posts about MS Bashing. Every OS has its own issues. If Unix or Linux was so secure, why are there security patches for those OSs as well? We cannot rely JUST on the OS, AV, IDS, or anything else as our sole savior against malicious attacks...FOR ANY PLATFORM. The issue is defense in depth. People should not have been tripped up by Blaster. The vulnerability was exposed well before the onset of the worm and critical system appropriately patched. There should be sufficient compensating controls in place to ensure that the exploitation of a single vulnerability does not expose the entire organization.

Some may say, it cannot be done. I say it can and have been doing such for a few years now. Blaster, Goner, Sobig, Klez have all been trapped by the multiple levels of impact on the organization I support because I do not trust any single level of protection. Does it cost? Sure. But, management here has found that while other organizations are busy recoverying from various levels of compromise, we are spending out time reporting our overall security posture, potental areas where there could be a compromise, recommendations to improve protection before any compromise, and monitoring the rates of identification and detection through our various protection mechanisms. We have not had to recover a single system because there has been no compromise.

I am not so arrogant to believe that we will never have an infection. But we have our controls set up such that we believe we can mitigate any enterprise outage. The investment of time has been worth it. We have not had to spend long hours cleaning our network from the last infestation, nor did we spend excruciating hours scrambling with the recent revelation either.

The best thing we can do is to remain vigilent, set levels of compensating controls, monitor, and patch as necessary...like we do with all the other OSs that we support and work with.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/185/22310#22310