IT security becomes patchwork process

New Zealand broadcaster TVNZ is considering setting up pre-testing facilities for patches in the wake of being hit with the Blaster worm earlier this month.

IT manager Neil Andrew says the organisation is considering the resources needed to keep 80 to 100 servers patched.

"For us to reduce the business risk even further, we're looking at what extra resources are required."

A testbed will likely be needed, as TVNZ has had compatibility problems with existing applications when applying patches, he says.

"Because of conflicts, we can't just apply the patches. We'd have to test every patch and we're looking at setting that [capability] up.

"In the past, we've done it on an ad-hoc basis - you'd do a version upgrade and while that was quite a major, we're now having to look at version upgrades and patching on a regular basis.

"The trade-off is do you take the risk of applying the patches without testing?

"We've had occasions, not with Microsoft but with others, when we've had problems with patches."

Blaster didn't get through the broadcaster's firewall, Andrew says.

"It came straight into the network, possibly through a notebook that wasn't up to date with antivirus software - we have a number of remote users and we also have people bringing in CDs."

Contingency plans for an infection were put into action and while it made some headway, only 10 per cent of desktop PCs were infected and "while it took down a couple of servers, by lunchtime we'd contained it and the next day, the majority of services were back."

Providing IT security has primarily become a matter of applying operating system patches for many IT departments.

Meanwhile, Transpower IT&T delivery manager Stephen Fox says patching is nearly a fulltime job for one of the Fujitsu staff to whom the national grid operator outsources its IT.

“They spend quite a bit of their time maintenance patching servers.”

Transpower has 150 servers, many running real-time applications, he says.

Thanks to a combination of workarounds and preventative patching of “the more important boxes”, when the vulnerability exploited by Blaster was first publicised, Transpower wasn’t affected, he says.

“We were reasonably lucky we have good sniffers on our firewall; we didn’t get Blaster at all.”

Xtra spokeswoman Anna Kermode says that in the experience of the ISP’s IT staff, patching is a requirement that comes in waves. The frequency and speed of patching has gone up a lot in the past week.

Join the newsletter!

Error: Please check your email address.

More about FujitsuMicrosoftXtra

Show Comments

Market Place