Rapid Sasser Attack Raises the Cost of Securing Windows

A fast-moving worm attack exploits the latest vulnerabilities identified in Windows. Enterprises must budget now for intrusion detection for all Windows systems.

On 3 May 2004, media outlets and security firms reported worldwide attacks by a new worm, called Sasser, against Windows-based computers. Sasser exploits a vulnerability in Windows that was acknowledged by Microsoft in an announcement on 13 April 2004. Microsoft is offering a patch for the vulnerability and a Sasser removal tool.

First Take: The Sasser worm attacks confirm Gartner’s prediction that mass worm attacks against the multiple vulnerabilities disclosed by Microsoft on 13 April were likely (see “Latest Microsoft Flaws Stress Need for High-Risk Protection”). In fact, the appearance of this worm marks the shortest time ever — just 18 days — between the appearance of a vulnerability and the beginning of an attack. (Blaster held the previous record, 25 days.)

Many of the vulnerabilities that continue to be identified in Windows 2000, XP and Server 2003 are easily exploitable; attackers will continue to develop worms that will cause damage equal to, or more severe than, the system shutdowns and network congestion caused by the Slammer worm. Enterprises that are dependent on Windows systems must invest both in means to patch faster and in host-based intrusion prevention software for all Windows PCs and servers.

Recommendations

Enterprises that have already invested in configuration management and software distribution systems: Budget adequate additional funds to expand these efforts to include expedited patching of all Windows PCs and servers.

Enterprises that have not yet made investments in configuration management and software distribution: Allocate funds for patch management systems that can make patching before attacks more feasible, while also ensuring the stability of Windows systems. Simply turning on the Windows automatic update feature is not enough.

All enterprises: Recognize that these configuration management and software distribution systems or patch management systems must be accompanied by personal firewall, antivirus and behavior-based intrusion prevention software for all Windows PCs and servers. Gartner believes that — even though the market for host-based intrusion prevention software will not be mature until the end of 2005 — enterprises must budget for, and procure, these products now to secure their critical Windows-based systems. The cost and availability of such protection should be included in all total cost of ownership calculations when alternatives to Windows servers and PCs are being evaluated.

05/2004, Gartner, Inc.

Gartner, Inc. is one of the leading providers of research and analysis on the global information technology industry.

