Every day we read about organizations that have succumbed to the malicious intent of unscrupulous coders and hackers. As IT professionals we view the constant onslaught of scans, probes, penetration attempts, etc. as the unfortunate reality of connecting our organizations to the internet. We build perimeter defenses and take great pains to ensure that these defenses will protect us against the latest exploit or vulnerability. Most of us understand that a perimeter defense offers only one layer of protection and that we are just as vulnerable to an attack that is initiated from within our network. Unfortunately, some still treat the firewall as the first and only place that security must be implemented.
I always shake my head in disbelief whenever I read about an organization that is battling a virus attack that has infected many machines. More often than not the virus has been introduced from an internal computer and spreads rapidly to many or most computers because of a lack of anti-virus protection or outdated virus signatures on servers and workstations. This appears to be the case at a school district here in Tucson where approximately 7000 computers were infected with the Conficker virus last month. The district spent weeks rebuilding the affected computers in order to eradicate the virus. Events such as this are avoidable by simply ensuring that all computers have current anti-virus protection installed and that the proper mechanism is in place to check for updates to the virus definition libraries at least daily. More importantly, a security strategy should be created and continually updated to protect all systems, applications, networks and data. As an example, we have an application "firewall" in place that can check application code against best practices and known vulnerabilities before we add it to our network. We let our vendors know up front that we will be scanning their application before we implement it, and will not sign off on a completed project until any programming issues are fixed.
My mentor was always fond of saying (and I paraphrase), "If we (IT) are not competent enough to do the basics well (system administration, data center management, and security) we will never be trusted to do anything." How trusted is your IT organization?