Tech-101 Free Computer Support
#1, posted 11-02-2009, 03:39 PM
jobeard (Site Admin)
Join Date: Dec 2008
Location: Southern Calif.
Posts: 1,100

Worms are prevalent problem(s), especially for large infrastructures

Computerworld article by Jeremy Kirk, November 2, 2009, is reporting:

IDG News Service - The Conficker worm continues to be one of the most prevalent threats facing PCs running Windows, according to a new security report published by Microsoft.

Conficker spreads either by exploiting a vulnerability in the Microsoft Windows Server service, through infected removable media or brute-forcing weak passwords on other PCs.

The worm is still circulating, mainly in enterprises, ... Due to its password-cracking ability, if Conficker gets on one PC in a company, it can often then rapidly spread.

Please see the original article using the link above
Comment by the O.P.:
Corporate systems (i.e. infrastructures) are just a nightmare to clean up once an intrusion has occurred. Even if you start cleaning immediately, the infection(s) just come right back and your entire staff will just spin their wheels until an extraordinary measure is taken:
Divide the resources and conquer
When worms replicate using shares, the recurrence rate is even faster

The whole network will need to be replicated (just a good idea anyway to have redundant networking).
Then each system can be sanitized by
  1. taking each system off the network
  2. scanning and removing the intrusive worms, viruses, trojans
  3. then, once known to be clean, moving the sanitized system to the backup network
  4. when all systems are connected to the backup and none are on the primary, the infrastructure can resume normal operations
In addition, the servers must also be sanitized and re-certified even before the clients have any access from the backup network. The DNS, DHCP, Active Directory and Exchange servers will need to be moved and reconfigured to drop all access from the original network and to support only the new / redundant net.

If the staff is very careful in the analysis and takes good notes as to how to disable the infection, it is possible to automate the cleanup rather than brute-force scan and fix one-on-one. But even that will not lessen the level of pain these rogue villains inflict upon our infrastructures.

The above should give great insight why the CIO (Corp. Information Officer) places heavy restrictions on P2P, external USB devices, personal Access Points or Wifi Routers on any client system attached to the infrastructure network -- it's just too easy to inflict massive disruption to everyone.
__________________
J. O. Beard; you + tech-101.com => synergism. Secure your system now

Last edited by jobeard; 11-02-2009 at 03:40 PM. Reason: close
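As an added illustration of the divide-and-conquer procedure in the post above (this is not code from the original post or from tech-101.com), the following Python tracker encodes the ordering the post insists on: a host only counts as clean if it was scanned while off the network, clients cannot join the backup network until every server has been moved and certified, and normal operations resume only when nothing is left on the primary network. Hostnames, roles, detection counts and the state names are all constructed for the example.

```python
"""Quarantine-migration tracker for a worm cleanup by network replication.

Added example, not from the original post. Hostnames, roles and scan
results below are constructed; the state machine is the procedure's
four steps with the server-first rule enforced.
"""
from dataclasses import dataclass
from enum import Enum


class Net(Enum):
    PRIMARY = "primary"    # the original, infected network
    ISOLATED = "isolated"  # step 1: unplugged, being scanned
    BACKUP = "backup"      # step 3: the redundant, clean network


@dataclass
class Host:
    name: str
    role: str              # "server" or "client" (constructed roles)
    net: Net = Net.PRIMARY
    clean: bool = False    # true only after a zero-detection scan in isolation


class MigrationError(RuntimeError):
    """Raised when a step is attempted out of order."""


class Migration:
    def __init__(self, hosts):
        self.hosts = {h.name: h for h in hosts}

    def isolate(self, name):
        """Step 1: take the host off the primary network."""
        h = self.hosts[name]
        if h.net is not Net.PRIMARY:
            raise MigrationError(f"{name} is not on the primary network")
        h.net = Net.ISOLATED
        h.clean = False    # isolation alone proves nothing about cleanliness

    def record_scan(self, name, detections):
        """Step 2: record a scan; it only counts while the host is isolated."""
        h = self.hosts[name]
        if h.net is not Net.ISOLATED:
            raise MigrationError(f"{name} must be off the network to be scanned")
        h.clean = detections == 0
        return h.clean

    def servers_certified(self):
        """All servers moved to backup and clean (required before any client)."""
        return all(h.net is Net.BACKUP and h.clean
                   for h in self.hosts.values() if h.role == "server")

    def can_move(self, name):
        """Whether step 3 is allowed for this host right now."""
        h = self.hosts[name]
        if h.net is not Net.ISOLATED or not h.clean:
            return False
        return h.role == "server" or self.servers_certified()

    def move_to_backup(self, name):
        """Step 3: connect a certified-clean host to the backup network."""
        if not self.can_move(name):
            raise MigrationError(f"{name} may not join the backup network yet")
        self.hosts[name].net = Net.BACKUP

    def can_resume(self):
        """Step 4: every host is on the backup network and clean."""
        return all(h.net is Net.BACKUP and h.clean for h in self.hosts.values())

    def status(self):
        """Host names grouped by network, for the staff's running notes."""
        return {n.value: sorted(h.name for h in self.hosts.values() if h.net is n)
                for n in Net}


def run_example():
    """Walk a constructed four-host inventory through the procedure."""
    m = Migration([
        Host("dc01", "server"),   # constructed: directory / DNS / DHCP role
        Host("ex01", "server"),   # constructed: mail server role
        Host("ws01", "client"),
        Host("ws02", "client"),
    ])
    m.isolate("dc01"); m.record_scan("dc01", detections=0); m.move_to_backup("dc01")
    m.isolate("ex01")
    m.record_scan("ex01", detections=2)   # still infected: stays isolated
    m.isolate("ws01"); m.record_scan("ws01", detections=0)
    try:
        m.move_to_backup("ws01")          # refused: ex01 is not certified yet
    except MigrationError:
        pass
    m.record_scan("ex01", detections=0)   # cleaned and rescanned in isolation
    m.move_to_backup("ex01")
    m.move_to_backup("ws01")              # now allowed: all servers certified
    m.isolate("ws02"); m.record_scan("ws02", detections=0); m.move_to_backup("ws02")
    return m


if __name__ == "__main__":
    result = run_example()
    print(result.status(), "resume:", result.can_resume())
```

The tracker deliberately refuses a scan result recorded while a host is still cabled to the primary network, which is the case the post warns about: a machine scanned in place can be reinfected through shares before it is ever moved.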
Copyright © 2009 Tech-101.com. All rights reserved.