Hunt for Worms Shifts to LAN Traffic

Most organizations today deploy what’s known as “passive intrusion-detection systems” that monitor and report suspicious activity but do not block it. Some makers of intrusion-prevention systems (IPS), which are designed to actively block harmful traffic such as last month’s MS-SQL Slammer worm, are arguing that strategies should shift from guarding the corporate Internet perimeter to setting up IPS appliances deep within the LAN. By deploying an IPS internally, a company can detect and automatically block any worm outbreak that might occur across the LAN if employees or business partners with internal access introduce one into the system. Silicon Defense and TippingPoint Technologies are separately introducing such products this week. The approach remains novel because companies are just warming to the notion that they should automatically block traffic at all, even at the Internet perimeter. Managed security firm Ubizen recently produced a report on Slammer, noting that although the worm was “easily stoppable on the perimeter infrastructure,” some of its customers were hit from inside “trusted parties,” including dial-up links, roaming laptops and third-party connections.

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.