The Nimda virus wormed its way into many enterprises through outdated versions of Internet Explorer (IE). Once inside, Nimda also changed configurations, leaving vulnerable remnants behind for use in future attacks. Nimda could have been thwarted, however, if administrators had kept IE and their system configurations up to date. In this searchWindowsManageability interview, the second in a series, Dennis Moreau and Alex Goldstein describe the link between configuration management and security. Moreau and Goldstein are CTO and CEO, respectively, of Configuresoft of Woodland Park, CO, maker of Enterprise Configuration Manager, a Windows configuration tool with a base price of $775 per server and $30 per workstation.
sWM: How could enterprises have been safe from Nimda?
If you wanted to be secure from the Nimda virus, you needed to be running the most recent version of IE, either 6.0 or 5.01 Service Pack 2. Many organizations had IE 6.0 or 5.01 as a standard. Yet, in those organizations there were machines that did not have their software configuration updated to have that version of the browser. The IT organizations, despite the standard, didn't know those machines weren't updated. They may not have known because they didn't think they were managing those machines. Or, perhaps they were managing more machines than they thought they had. They also may not have known because the configurations were changed due to some other application requiring the older version for compatibility requirements.
sWM: How does configuration management undo damage caused by viruses or worms?
Configuration management manages the damage that is done when configurations change. It tracks those changes, and you can see very clearly and quickly what the virus has done. You can see which machines have been affected in that way, and you can typically provide automated solutions that cause the configurations to revert to what they should be.
sWM: Are there rules for Windows configuration that apply to most systems?
There is not a single standard. What the standard is depends on what the machine is going to be used for and what the objectives of the organization are. For example, a universal standard is not to have administrator accounts with blank passwords.
sWM: What are some reasons why it's important to monitor and manage your configurations?
Eighty percent of all of your downtime is due to changes that take place in your hardware and software. Configuration management tracks the changes and creates a change log of everything that's changing. You get a far more rapid problem resolution when you can see what's changing in the environment.
sWM: What is the overall problem Enterprise Configuration Manager addresses?
It's a many-fold problem. People may know what configurations they want. They often don't know what they've got. You cannot manage what you don't know and don't understand. We provide the equivalent of banking or financial balance statements for the IT department. We let them see what's really there.
We've never had a large-scale deployment where people had the configuration they thought they had. It's unusual if people have the number of machines they think they have, let alone have the hardware and software they think they have.
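The checks the interview keeps returning to (machines not on the approved IE version, administrator accounts with blank passwords, configuration changes that need a change log and a revert, and hosts the inventory does not know about) can be expressed as one small drift audit. The following is an added example, not Configuresoft code; the baseline, host names and snapshot data are constructed for illustration, and the snapshot format is an assumption standing in for whatever a real collector gathers:

```python
"""Configuration drift and compliance audit over constructed inventory snapshots.

Added example, not Configuresoft's ECM. Every host name, version string and
password hash below is constructed; the Snapshot layout is an assumed format.
"""
from dataclasses import dataclass

# Constructed baseline: the IE versions the interview treats as safe against Nimda.
APPROVED_IE_VERSIONS = {"6.0", "5.01 SP2"}


@dataclass(frozen=True)
class Snapshot:
    """One machine's collected configuration at a point in time."""
    host: str
    ie_version: str
    # local administrator accounts -> password hash; "" means a blank password
    admin_accounts: dict


def compliance_findings(snap):
    """Return the baseline rules this snapshot violates (empty list = compliant)."""
    findings = []
    if snap.ie_version not in APPROVED_IE_VERSIONS:
        findings.append(f"IE {snap.ie_version} is not an approved version")
    for name, pw_hash in sorted(snap.admin_accounts.items()):
        if pw_hash == "":
            findings.append(f"administrator account {name!r} has a blank password")
    return findings


def change_log(before, after):
    """Field-level changes between two snapshots of the same host, as
    (field, old_value, new_value) tuples; None means the field was absent."""
    if before.host != after.host:
        raise ValueError("snapshots are for different hosts")
    changes = []
    if before.ie_version != after.ie_version:
        changes.append(("ie_version", before.ie_version, after.ie_version))
    for name in sorted(set(before.admin_accounts) | set(after.admin_accounts)):
        old = before.admin_accounts.get(name)
        new = after.admin_accounts.get(name)
        if old != new:
            changes.append((f"admin_account:{name}", old, new))
    return changes


def revert_plan(changes):
    """Human-readable actions that put each logged change back to its prior value."""
    plan = []
    for field, old, new in changes:
        if old is None:
            plan.append(f"remove {field} (added with value {new!r})")
        elif new is None:
            plan.append(f"restore {field} to {old!r} (was removed)")
        else:
            plan.append(f"set {field} back to {old!r} (currently {new!r})")
    return plan


def audit(known_hosts, previous, current):
    """Compare what the inventory says exists with what was actually discovered,
    then report non-compliance and configuration changes per host."""
    discovered = {s.host for s in current}
    report = {
        "unknown_hosts": sorted(discovered - set(known_hosts)),  # managed but not inventoried
        "missing_hosts": sorted(set(known_hosts) - discovered),  # inventoried but not found
        "noncompliant": {},
        "changes": {},
    }
    prev_by_host = {s.host: s for s in previous}
    for snap in current:
        findings = compliance_findings(snap)
        if findings:
            report["noncompliant"][snap.host] = findings
        if snap.host in prev_by_host:
            changes = change_log(prev_by_host[snap.host], snap)
            if changes:
                report["changes"][snap.host] = changes
    return report


# Constructed sample data: what the inventory lists, and two collection runs.
KNOWN_HOSTS = ["ws01", "ws02", "srv01"]
PREVIOUS_RUN = [
    Snapshot("ws01", "6.0", {"Administrator": "h1"}),
    Snapshot("ws02", "6.0", {"Administrator": "h2"}),
    Snapshot("srv01", "5.01 SP2", {"Administrator": "h3"}),
]
CURRENT_RUN = [
    Snapshot("ws01", "6.0", {"Administrator": "h1"}),
    # ws02 was rolled back to an older IE for an application, and a blank-password admin appeared
    Snapshot("ws02", "5.0", {"Administrator": "h2", "backup": ""}),
    Snapshot("srv01", "5.01 SP2", {"Administrator": "h3"}),
    # ws99 is on the network but not in the inventory at all
    Snapshot("ws99", "5.5", {"Administrator": ""}),
]

if __name__ == "__main__":
    result = audit(KNOWN_HOSTS, PREVIOUS_RUN, CURRENT_RUN)
    print("unknown hosts:", result["unknown_hosts"])
    for host, findings in result["noncompliant"].items():
        print(f"{host}: " + "; ".join(findings))
    for host, changes in result["changes"].items():
        print(f"{host} revert plan:", revert_plan(changes))
```

The point of keeping `change_log` separate from `compliance_findings` is the one made above: a host can be fully compliant and still have drifted, and a host can be non-compliant without any recorded change if it was never collected before (as `ws99` is here), which is exactly the "machines you didn't know you were managing" case.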
sWM: How does a configuration tool, like Configuresoft's ECM, fit into a company's security plan?
A configuration tool is part of an overall security policy and system. ECM does not ensure that your system is bulletproof, but it helps to ensure that large Windows deployments are secure. It has to be properly used, and other appropriate vulnerability and security protections have to be in place. You need anti-virus software. You need intrusion detection. But the majority of security breaches are due to misconfigurations.
FOR MORE INFORMATION
The first part in this searchWindowsManageability series: Nimda: still on the prowl?
For more information on Microsoft IIS vulnerabilities, visit searchWebManagement.