Patching networks consists of scanning machines for any missing patches and deploying those patches as soon as they become available. Using an automated patch management solution is the best way to avoid problems when a security threat/bug is issued from Microsoft on the first Tuesday of each month. Saving network bandwidth and being able to deploy patches from a remote source is also a major benefit to organisations today.
Determining what to patch and when is one of the most problematic issues facing enterprises. An expert panel at an Information Security Decisions conference in Chicago, USA said the ever-diminishing window of time between a vulnerability's announcement and an exploit's release makes it crucial to analyze and patch the areas most likely to be attacked first.
One example of a security breach was the virus “Code Red” which infected over 250,000 systems within just nine hours of its discovery. The original CodeRed caused a Denial of Service (DoS) attack on the White House Web server. CodeRed II was different in that it allowed its creator to have full remote access to the Web server.
“I always urge folks to rate the patches themselves. Patches are often rated arbitrarily. Ask yourself whether a 'critical' patch is critical to your organization? Look at the risk involved. For example, a denial of service is ranked as a low-level threat by Microsoft, but could be critical to an online bank,” he said.
If a network is not patched before an attack occurs, then the costs involved can be enormous. For example, the loss of production and sales and the cost of cleaning up the incident can be phenomenal.
Vetco Gray (formerly known as ABB Vetco Gray) are the world's leading supplier of systems, products and services for on and offshore oil and gas drilling and production.
Like many other companies, ABB (including Vetco Gray) was attacked by the Sasser worm and several variants of Beagle late last year, which forced Vetco Gray to think about the security within their network in the UK.
Beagle is a mass-mailing worm which primarily spreads through e-mail and will be independent of the “victim's” e-mail client. The worm will also create a security hole, which is also known as a backdoor, on the “victim's” machine. This backdoor component will allow a remote attacker to penetrate the machine.
Sasser is an Internet worm which spread through the MS04-011 (Lsass.exe) vulnerability. This worm affected machines which were running Windows XP or Windows 2000, machines which had not been patched against the vulnerability or were connected to the internet without a firewall.