Computerworld - It has been more than a month since the Blaster worm hit, and my company is still having problems. The main one is that we have thousands of desktops and my security team and I don't have a strong and fully automated way to identify and track updates on them.
This situation is a nuisance, if not a crisis. We know what to do, and we've communicated the need to keep updates current to all employees, but things don't always happen the way we'd like.
We've made some network configurations within our routers to limit the damage as much as possible, but in some instances that has prevented legitimate business activity from occurring. In some of those cases, we've had to remove added access-control lists because it's more important to have revenue-generating functions working than it is to prevent the Blaster worm from propagating.
Another challenge I face is political. At other companies where I've worked, the desktop support group was responsible for virus removal and prevention, while the IT security group tracked down the source of any malicious activity. I never wanted the security team to be the focal point for virus eradication within the organization, but detection and eradication have morphed into IT security department responsibilities. I'd like to change that, but if I start trying to shift responsibilities at this stage of the game, I'll only generate resentment from other organizations. So, my staffers -- all four of them -- are stuck dealing with virus updates and patches for nearly 10,000 desktops. That said, we are making progress. Hopefully, within the next week we'll have cleaned up the environment completely -- until the next variant comes along.
Other than the Blaster fallout, this week was fairly quiet. I haven't started looking for a replacement for our recently departed security engineer because management has asked that I hold off hiring until the end of the year. In the meantime, I have authorization to hire a consultant if needed.
I've had good luck with consultants in the past. The only problem is that they eventually leave. At that point, if the consultant hasn't generated the proper amount of documentation and transferred critical knowledge to the staff, we're left with an unmanageable project.
In one case, I hired a consultant to build intrusion-detection sensors. No one was working with the consultant, however, and when he left, he didn't show us the configuration or give us the passwords to the system. Luckily, we were able to call him back in, and
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
