Issue No. 30 - August/September 2006
What to do when the gun jams
by David Twiss
Much has been written in the past about the need to properly address the maintenance and updating of computer operating systems, application software, and the tools used to protect information infrastructure, such as virus and Trojan scanners.
Anyone who hasn't got that message yet hasn't been listening.
With the rise of zero-day exploits it has become even more important to apply security patches quickly. A “zero-day exploit” is the Holy Grail for malicious program and virus writers. It occurs when the malicious 'exploit' for a vulnerability is created before, or on the same day as, a software vendor learns about the flaw in its product. A virus or worm that takes advantage of a vulnerability the vendor is not yet aware of lets the attacker maximise the spread of their malicious code before the vendor can apply a patch.
To guard against this, many companies automate security updates, with their products updating automatically on a daily basis or even more often. But speedy deployment of security updates is the exception rather than the rule, with industry surveys indicating an average of 30 days to implement critical system updates.
Ignoring the laggards for now, let's consider a well-run company that uses IT to improve function and reduce costs. Because they understand the issues and the cost-benefit, their IT infrastructure is administered soundly. Mindful of the risks, this company has an integrated approach to security in general and to information security in particular.
Elements of the integrated approach include firewalls, virus and Trojan scanners, remote access authentication tokens, encryption on external links, along with a proactive approach to applying updates from software vendors. In this relatively small organisation, critical security patches are automatically approved and applied every night to desktops and laptops.
Updates to server software, including security patches, are normally dealt with ...