Working together for security

Recently, a new and dangerous worm was discovered in the wild. The SQLsnake worm, which attacks Microsoft's SQL databases, has been making waves as it runs through the Internet, and may well become the next Code Red if it continues unchecked. This worm has already compromised several thousand servers.

The SQLsnake worm would, very likely, have gone unnoticed for weeks or months had it not been for a group of people working together. A number of the members of SecurityFocus.com's Incidents list (http://online.securityfocus.com/archive) saw unusual activity in their firewall logs or intrusion detection systems, and they shared those logs with the other security-minded readers of the list. Together, they determined that there was something unusual going on. They put their information together, identified the threat, and together they started looking for the actual worm.

Many companies have policies in place to control and conceal information about attacks, whether attempted or successful. It can be very embarrassing for a company to admit its security has been broached. The instinctive reaction is to cover up the attack, and protect the company both from a public relations and a security aspect. If a company has suffered an attack -- especially a successful attack -- upper management generally has two goals:

1) Make certain the company's customers don't find out about the intrusion.

2) Make certain the attack doesn't happen again.

These are certainly understandable responses to a difficult situation; however, these responses are not generally best for the security community itself. If the security community does not communicate, hundreds or thousands of vulnerabilities will go unnoticed.

A few years ago, the argument was often made that if no one publicized a vulnerability, then no one could use it against anyone...or at least if anyone did, the sphere of impact would be small. These days, the proliferation of worms has obviated that excuse -- if vulnerability is found and, instead of a simple exploit being released, a worm is written to automate the assaults on networked computers, the sphere of impact is limitless. All it takes is one person finding one hole, and the next Nimda hits the Internet.

It is perfectly acceptable for companies to want to protect their assets in the event of a security breach. However, for the general good, it is essential that the security community be able to work together to identify threats and send out alerts. In this case, cooperation is far safer than hiding alone.

Join the newsletter!

Error: Please check your email address.

More about MicrosoftSecurityFocus

Show Comments

Market Place