Exclusive Trading

Viruses, Worms, and Exploits

Financial In Market By Dan Barker, Systems Engineer - Inacom Information Systems • 09/08/03 We are all too familiar with these three words, after all that has happened this past month. If anything, it has once again shown the importance of being current with ones network security and patch management.

The first wave of attacks came via the blaster worm, which took advantage of those Microsoft customers who had not patched a known exploit. Following closely on its heels were Sobig, Nacha, and Welchia. These were viruses and worms that demonstrated the importance of perimeter security and current virus definitions.

It has been said that the only secure computer is the one still in the box it came in. While there definitely is risk in having a computer connected to a network, there are many resources available to mitigate that risk.

Microsoft offers a free security notification service-- the same bulletins those in the security industry receive. You need a Microsoft Passport account to receive them, but you can set up a Hotmail e-mail address for it. Sign up for this service by visiting http://register.microsoft.com/regsys/pic.asp

It is suggested that all administrators ensure that their definitions are current on their servers as well as the workstations.

Lastly, a well-configured firewall is very important. The impact of several recent attacks could have been greatly reduced by blocking certain ports at the perimeter. At the very least, this affords administrators a bit more time to attempt to get Windows patches and virus definitions up to date. I would be remiss if I did not mention the importance of reviewing the firewall logs. Many administrators have excellent policies in place, but never bother to examine the firewall logs. Doing so can alert you to possible methods of attack as well as potential security breaches.

_____________________________
The importance of staying current with Microsoft patches has always been an issue. The following technologies will assist you:

1. Windows Update -
http://v4.windowsupdate.microsoft.com/en/default.asp

2. Software Update Services (SUS) -
http://www.microsoft.com/windows2000/windowsupdate/sus/default.asp

3. Systems Management Server (SMS) -
http://www.microsoft.com/smserver/evaluation/datasheets/PatchDeploy.asp

4. Use a .vbs file to script the install on Windows NT, 2000, XP or 2003 -
http://support.microsoft.com/default.aspx?kbid=827227

5. Active Directory and Group Policy
http://support.microsoft.com/default.aspx?scid=kb;en-us;314934
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/msi/setup/windows_installer_start_page.asp

6. Logon script
________________________________________________
Dan Barker is a systems engineer for Inacom Information Systems and can be reached at dan.barker@inacom-msn.com.

Speed Internet Customer, Adelphia would like to make you aware of the latest viruses. W32.Sasser.B.Worm Virus (May 3, 2004) The W32.Sasser.B.Worm attempts to exploit the LSASS vulnerability described in 011, chosen IP addresses for vulnerable systems. The worm allows for the remote execution of code on the infected machine and permits for a remote party to completely control the infected machine. This worm is currently listed as a HIGH RISK due to its current rate of spread.

[ Comment, Edit or Article Submission ]