Blocking all but essential ports and services can stave off most known and unknown attacks.

Certainty, says Mark Munson, is a fleeting target in security patch management. “I know we’re not fully patched,” says the network manager at Automobile Protection Corp., the Ford Motor Co. subsidiary that processes extended vehicle warranties. “It’s so hard to keep up with.”

Munson knows many of his SQL servers and applications running Microsoft SQL Database Engine (MSDE) weren’t patched against the recent Slammer (aka Sapphire) worm. Nevertheless, his network remained uninfected because of one simple principle: default deny. “It doesn’t make sense not to go default deny,” he says. “There are just so many new things. It’s easier to have people come to me to turn a service on than to try to turn off ports based on individual exploits.”

Conventional wisdom says, “patch early, patch often” against security vulnerabilities. But patching broad and diverse enterprise networks against myriad vulnerabilities is a no-win battle. Admins simply don’t have the time or resources to keep up with the workload. The default-deny philosophy dictates configuring routers and firewalls, on the perimeter and in the intranet, to block protocols that aren’t expressly permitted.
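To make the contrast concrete, the following is an added example (not code from the article or from Automobile Protection Corp.) that models a default-deny policy beside a per-exploit blocklist policy, runs constructed traffic through both, and renders either as an nftables input chain. It assumes udp/1434 as the SQL Server Resolution Service port that Slammer targeted (a known fact not stated on the page); the address ranges, ports and flows are constructed.

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    proto: str               # "tcp" or "udp"
    dport: int               # destination port
    src: str = "0.0.0.0/0"   # source CIDR the rule applies to

@dataclass
class Policy:
    default: str                               # "deny" or "allow"
    rules: list = field(default_factory=list)  # exceptions to the default

    def decide(self, proto: str, src_ip: str, dport: int) -> str:
        """Exceptions invert the default: allows on a deny policy, denies on an allow policy."""
        for r in self.rules:
            if (r.proto, r.dport) == (proto, dport) and ip_address(src_ip) in ip_network(r.src):
                return "allow" if self.default == "deny" else "deny"
        return self.default

def to_nft(policy: Policy) -> str:
    """Render the policy as an nftables input chain (my rendering, not the article's)."""
    base = "drop" if policy.default == "deny" else "accept"
    verdict = "accept" if policy.default == "deny" else "drop"
    out = ["table inet filter {", "  chain input {",
           f"    type filter hook input priority 0; policy {base};",
           "    ct state established,related accept", "    iif lo accept"]
    for r in policy.rules:
        src = "" if r.src == "0.0.0.0/0" else f"ip saddr {r.src} "
        out.append(f"    {src}{r.proto} dport {r.dport} {verdict}")
    return "\n".join(out + ["  }", "}"])

# Munson's approach: everything closed; SQL Server (tcp/1433) is opened only for the
# constructed intranet range 10.0.0.0/8, web and mail for everyone.
DEFAULT_DENY = Policy("deny", [Rule("tcp", 443), Rule("tcp", 25), Rule("tcp", 1433, "10.0.0.0/8")])

# Per-exploit alternative: everything open, ports closed as each exploit becomes known.
# udp/1434 (SQL Server Resolution Service, Slammer's target) has not been added yet.
BLOCKLIST = Policy("allow", [Rule("tcp", 135), Rule("tcp", 139), Rule("tcp", 445)])

# Constructed traffic: an Internet host hitting udp/1434 and tcp/1433, plus intranet SQL use.
SAMPLE_FLOWS = [("udp", "203.0.113.5", 1434), ("tcp", "10.2.3.4", 1433),
                ("tcp", "203.0.113.5", 1433), ("tcp", "203.0.113.5", 443)]

def compare(flows=SAMPLE_FLOWS) -> dict:
    """Map each flow to (default-deny verdict, blocklist verdict)."""
    return {f: (DEFAULT_DENY.decide(*f), BLOCKLIST.decide(*f)) for f in flows}
```

Under the default-deny policy the unpatched MSDE hosts never see the udp/1434 traffic, while the blocklist policy lets it through until someone adds a rule for that specific exploit.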
About OODA Analyst
OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.