'Slammer' attacks may become way of life for Net

Zardon · Feb 7, 2003, 06:55 PM

After a round-the-clock weekend watch for any infection of the so-called SQL Slammer worm--also known as Sapphire and SQL Hell--that hammered other companies' networks, the software maker apparently had escaped with only minor incidents in its international offices.

But the quiet wouldn't last. More than three days after the worm started spreading on the evening of Jan. 24, Slammer somehow got into Siebel's internal network and sent traffic skyrocketing.

"It tied up our network," said Mark Sunday, chief information officer for the San Mateo, Calif., manufacturer of e-business applications. "The quantity of network traffic generated was an order of magnitude greater than anything we had seen before."

The disturbing lesson: Regardless of what protective measures have been taken, no network can be considered secure. Companies deemed bastions of security--such giants as Bank of America, American Express and Microsoft, under its year-old Trustworthy Computing initiative--found their internal networks deluged with data from the Slammer attack.

Although the worm caused roughly $1 billion in damage by some estimates, its most significant casualty may be the perception that companies can remain secure by keeping up with software patches and other protective updates. The truth of the matter, security experts say, is that companies need to begin treating such attacks as inevitable and focus on limiting their damage, rather than expending every effort trying to create an ironclad perimeter.

"We have recognized over the last few years that you cannot prevent a virus," said Joe Hartmann, director of North American antivirus research for security software firm Trend Micro. "There will always be an entry point."

Many of last week's victims found that their internal networks were more vulnerable than they should have been. And with a worm like Slammer, a small crack in the security surrounding a company can mean days, if not weeks, of cleaning the infection from inside systems.

In Siebel's case, the worm wreaked havoc even though the company had moved the lion's share of its network infrastructure to two data centers in Utah. Slammer was still able to swamp the company's internal network at its San Mateo headquarters, limiting use of e-mail and other resources for more than 24 hours while security teams hunted down infected servers.

Full article here

Feb 7, 2003, 06:55 PM	#1
Zardon DriverHeaven Founder Join Date: May 2002 Posts: 32,480 Rep Power: 177	'Slammer' attacks may become way of life for Net After a round-the-clock weekend watch for any infection of the so-called SQL Slammer worm--also known as Sapphire and SQL Hell--that hammered other companies' networks, the software maker apparently had escaped with only minor incidents in its international offices. But the quiet wouldn't last. More than three days after the worm started spreading on the evening of Jan. 24, Slammer somehow got into Siebel's internal network and sent traffic skyrocketing. "It tied up our network," said Mark Sunday, chief information officer for the San Mateo, Calif., manufacturer of e-business applications. "The quantity of network traffic generated was an order of magnitude greater than anything we had seen before." The disturbing lesson: Regardless of what protective measures have been taken, no network can be considered secure. Companies deemed bastions of security--such giants as Bank of America, American Express and Microsoft, under its year-old Trustworthy Computing initiative--found their internal networks deluged with data from the Slammer attack. Although the worm caused roughly $1 billion in damage by some estimates, its most significant casualty may be the perception that companies can remain secure by keeping up with software patches and other protective updates. The truth of the matter, security experts say, is that companies need to begin treating such attacks as inevitable and focus on limiting their damage, rather than expending every effort trying to create an ironclad perimeter. "We have recognized over the last few years that you cannot prevent a virus," said Joe Hartmann, director of North American antivirus research for security software firm Trend Micro. "There will always be an entry point." Many of last week's victims found that their internal networks were more vulnerable than they should have been. And with a worm like Slammer, a small crack in the security surrounding a company can mean days, if not weeks, of cleaning the infection from inside systems. In Siebel's case, the worm wreaked havoc even though the company had moved the lion's share of its network infrastructure to two data centers in Utah. Slammer was still able to swamp the company's internal network at its San Mateo headquarters, limiting use of e-mail and other resources for more than 24 hours while security teams hunted down infected servers. Full article here