Article

Strong configurations can defeat viruses

Meredith B. Derby, assistant news editor

The Nimda virus wormed its way into many enterprises via outdated version of Internet Explorer (IE). Once inside, Nimda also changed configurations, leaving vulnerability remnants behind to use in future attacks. Nimda could have been thwarted, however, if administrators had updated IE and their system configurations. In this searchWindowsManageability interview, the second in a

    Requires Free Membership to View

series, Dennis Moreau and Alex Goldstein describe the link between configuration management and security. Moreau and Goldstein are CTO and CEO, respectively, of Woodland Park, CO-base Configuresoft, maker of Enterprise Configuration Manager, a Windows configuration tool with a base price of $775 per server and $30 per workstation.

sWM: How could have enterprises been safe from Nimda?
Moreau:

If you wanted to be secure from the Nimda virus, you needed to be running the most recent version of IE, ether 6.0 or 5.01, service pack two. Many organizations had IE 6.0 or 5.01 as a standard. Yet, in the organizations there were machines that did not have their software configuration updated to have that version of the browser. The IT organizations, despite the standard, didn't know those machines weren't updated. They may not have known because they didn't think they were managing those machines. Or, perhaps they were managing more machines than they thought they had. They also may have not known because the configurations were changed due to some other application requiring the older version for compatibility requirements.

sWM: How does configuration management undo damage caused by viruses or worms?
Goldstein:

Configuration management manages the damage that is done when configurations change. It tracks those changes, and you can see very clearly and quickly what the virus has done. You can see which machines have been affected in that way, and you can typically provide automated solutions that cause the configurations to revert to what they should be.

sWM: Are there rules for Windows configuration that apply to most systems?
Goldstein:

There is not a single standard. What the standard is depends on what the machine is going to be used for and what the objectives of the organization are. For example, a universal standard is not to have administrator accounts with blank passwords.

sWM: What are some reasons why it's important to monitor and manage your configurations?
Moreau:

Eighty percent of all of your downtime is due to changes that take place in your hardware and software. Configuration management tracks the changes and creates a change log of everything that's changing. You get a far more rapid problem resolution when you can see what's changing in the environment.

Taking advantage of configuration management, a support person can normally manage 30-40% more machines. Moreover, you have the ability to have your very best IT people manage your environment. So, when someone at a support site goes in and makes changes, the administrator can actually see that in your central management console. If that person has done it wrong, you can fix it before it causes an issue in the environment. The goal of configuration management is to enable the IT group to fix problems before they affect the rest of the organization.

What's also very important to note is that today's very secure configuration is not secure tomorrow or the next day. These vulnerabilities are not all known at one time. They become exposed and understood over time, meaning that the secure configuration needs to be updated over time with the latest patches and hot fixes. So, it's a continuing problem of making sure configurations are consistent.

sWM: What is the overall problem Enterprise Configuration Manager addresses?
Goldstein:

It's a many-fold problem. People may know what configurations they want. They often don't know what they've got. You cannot manage what you don't know and don't understand. We provide the equivalent of banking or financial balance statements for the IT department. We let them see what's really there.

Moreau:

We've never had a large-scale deployment where people had the configuration they thought they had. It's unusual if people have the number of machines they think they have, let alone have the hardware and software they think they have.

sWM: How does a configuration tool, like Configuresoft's ECM, fit into a company's security plan?
Goldstein:

A configuration tool is part of an overall security policy and system. ECM does not ensure that your system is bulletproof, but it helps to ensure that large Windows deployments are secure. It has to be properly used, and other appropriate vulnerability and security protections have to be in place. You need anti-virus software. You need intrusion detection. But, the majority of security breeches are due to mis-configurations.

FOR MORE INFORMATION

The first part in this searchWindowsManageability series: Nimda: still on the prowl?

SearchWindowsManageability Best Web Links on Configuration Management

Configuresoft

For more information on Microsoft IIS vulnerabilities, visit searchWebManagement.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: