Say it ain't so!

No doubt you're expecting me to be (virtually) wagging my index finger at you and saying over and over, "Shame, shame, shame." Well, I'm not.

Yes, the Slammer/Sapphire worm that emerged a couple of weekends ago was a great hindrance to the Internet, and yes, a patch for it already existed, but sometimes it's just hard to keep up.

The Slammer/Sapphire worm exploited a weakness in Microsoft Corp. SQL Server 2000 that allowed the worm to flood the server with requests until it suffered a buffer overflow. At that point the server stopped working. Fortunately, this was a worm with no payload, so all it did was interfere with SQL Server -- it didn't also deliver a load of viruses or other malicious code.

Also, fortunately, the patch already existed, so all affected companies had to do was download and install the patch from Microsoft. When that was done, the worm was gone. The sad thing is that the patch has been available since July 2002. By now, you'd think that everyone with a copy of SQL Server would have patched it.

But you'd have thought wrong. Applying updates to your enterprise database servers isn't the same as downloading the latest fix using Windows Update. The fact that you'll have to take the server offline to apply the patch means that you'll be out of business for a while, and if something goes wrong during the process, then you'll be out of business for a while longer. So you wait until a time when you'll be taking the server down for some other reason and plan to apply all your patches then.

And, of course, all of this assumes that you have a good handle on what's installed on all your servers and what their current patch status is. If you have a lot of servers, this is a tall order all by itself. Given today's vastly understaffed IT departments, it could be more than the staff can do. After all, can you spare an individual's hours to account for each server, its operating system and applications, and the current patch level of each, not to mention the status of all planned maintenance? I didn't think so.

So what can you do? One solution is to find a good means of scanning your network for vulnerabilities. We mentioned eEye Digital Security Inc.'s Retina recently, and that's precisely what this product does. It even offers to download patches and fix other problems for you.

But knowing about the vulnerabilities is only part of the problem. You'll still have to take the server offline to apply patches, and that will still take you out of business. So maybe the answer is to invest in a few backup servers; that way, if you plan your downtime right, you can add patches while incurring little interruption to your business.

Or even better - maybe periodic patching sessions would be a great time to test your continuity of operations plan. Put your enterprise into its emergency operations mode, and while that's being tested, upgrade those servers. Then you'll have accomplished two goals at once.

Of course, that assumes you have a continuity of operations plan. You do have one, don't you?
