Engaging in worm warfare

2004 looks to be another Year of the Worm -- but you can lessen the damage done by these nasty intruders with a little preparation

“When one of these vulnerabilities comes out, everything stops and we start patching everything that needs to be patched,” Tyminski explains. “We have consciously made a decision that we will patch as quickly as we possibly can to stay ahead of these things.” The constant patching is both difficult and expensive, but Tyminski says that it’s absolutely necessary given the increasingly destructive nature of worms.

However, Tyminski does more than just patch — a strategy that boosts his worm-fighting abilities and one that other enterprises should take to heart. Tyminski is careful about patching only when it will affect the software he uses. Patching software that you don’t run can cause instability or problems with other, integrated apps, so it’s best to patch only what needs fixing.

He also takes the time to test those patches before deployment. “We do a little bit of triage on them,” Tyminski explains, adding that his staff develops a threat profile to determine how quickly it needs to patch any given server.

As another precaution, Prudential is careful about who can access the company network, and what devices and connections they use when they do so. For example, Tyminski uses Sygate’s firewall product to protect individual computers, and he also uses Sygate’s enterprise product to enforce his security policies.

This means that a user calling into the Prudential enterprise can’t be connected to the company VPN and the Internet at the same time, preventing someone from breaking into a remote machine and using it as a pathway into the enterprise. The Sygate software also enforces anti-virus status, patch levels on client machines, and even the client’s current firewall software levels.

A Six-Step Program

All of this no doubt seems like a lot of drudgery, and to some extent it is. But it’s no less important than the process of locking the door at night, or keeping valuable documents in a vault. Good security, especially in the case of worms and viruses, means addressing employee and staff training, physical security, and other cultural changes that allow security technologies to do their best work.

According to CA’s Hameroff, there are six necessary steps, spanning both technical and cultural needs, to keeping your enterprise worm-free.

First, collect vulnerability information. It can come from a number of places, ranging from manufacturers’ published vulnerabilities to chatter on hacker Web sites. You can also have this information collected for you via vulnerability assessment software.

Second, validate the accuracy of your information. There’s a lot of bad information out there, especially when it comes to worms and other security breaches, and until you know it’s correct, you probably shouldn’t act on it. Of course, you don’t want to delay acting on information too long, or you may be more at risk — checking with a respected source, such as the product manufacturer, should help pin down the exact vulnerability.

Third, form a plan to remediate the vulnerability. This may mean applying the appropriate patches, changing hardware or application configurations, or making policy changes, Hameroff explains.