Post Sasser – Harmony? Waiting or Ready for the _next_ time?


I guess we can all reflect on the impact that Sasser brought to us commercially, as well as personally to ourselves, our friends and family. Through such events we should take the opportunity to look at our processes for dealing with such crises, and then assess the risks by implementing mitigation methodologies to reduce the potential attack vectors.

 

Microsoft has produced an extremely good document that covers end-to-end patch management. You can apply this document to any patch management technology.

 

You can have the best tools in place to deal with such things as Sasser, Blaster etc., but unless you have the right processes in place to manage them, they will fail.

 

SMS guide to patch deployment (135 pages, plus test plan):

http://www.microsoft.com/downloads/details.aspx?FamilyId=959EE7D6-7DDF-409A-9522-7D270BDCF12A&displaylang=en

 

In order to move out of firefighting mode and into a more proactive, enjoyable work environment, we need to show and understand the real dollar value that downtime costs the business. If we do this, it gives us the ability to talk to the business in terms they understand: dollars and cents.

Once we do this, we have a greater ability to bargain for the right tools to reduce impact, as we are then all talking a common language.

Comments (2)

  1. SimonT says:

    Patch management in a managed environment is great; had many of the businesses been doing it properly, Sasser would not have made the news, or would it?

    There are many people out there, home users, some on broadband, some on dial-up. Many of the broadband users don't have firewalls, are not using Windows Update and should be; we can only advise our friends and family to do things like this.

    Then there are the dial-up people, who don't have a firewall and don't use Windows Update or patching. Why? 'Cos all the files are just too damn large. I admit, whilst I sit behind a personal firewall, I can't update Windows easily; I have to wait for an SP to come out, something big enough and easy enough for me to download at work, burn and patch later.

    How big was Sasser? And other worms/viruses, tiny in comparison to the fixes? So which do you think is going to make it onto home users' machines and propagate itself?

    Any business not patching deserves all it gets, but the poor home user doesn't, yet they become part of the larger problem in transmitting those viruses.

    More effort into helping those people with education and with alternate ways to "update by proxy" for narrowband users is needed.

  2. Nick MacKechnie says:

    Hi Simon,

    I agree, with Microsoft moving to the two patching methodologies, as well as delta patching, this should reduce the impact of time to download to Consumers as well as Corporates.