| Many different companies were hit hard by the Slammer worm, some with
| better than average reputations for security awareness. They bought
| the finest firewalls, they had two-factor biometric locks on their data
| centers, they installed anti-virus software, they paid for SAS70
| audits by the premier auditors, they hired the best managed security
| consulting firms. Yet, they still were hit.

Because they hired people (staff or outsourced) that made them feel comfortable, instead of getting the job done.

| It's not as simple as don't use Microsoft, because worms have hit other
| popular platforms too.

But this worm required external access to an internal server (SQL Servers are not front-end ones); even with a bad or no patch management system, this simply wouldn't happen on a properly configured network. Whoever got slammered has more problems than just this worm. Even with no firewall or screening router, use of an RFC1918 private IP address on the SQL Server would have prevented this worm attack.

| Are there practical answers that actually work in the real world with
| real users and real business needs?

Yes, the simple ones that have been known for decades:

- Minimum-privilege networks (access is blocked by default, permitted to known and required traffic)
- Hardened systems (only needed components are left on the servers)
- Properly coded applications
- Trained personnel

There are no shortcuts.

Rubens Kuhl Jr.
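The two network-side points in the reply above (an RFC1918 address on the database host, and a default-deny policy that permits only known, required traffic) can be shown as a small policy evaluator. This is an added example and not code from the post or its author; the topology, addresses and rule set are constructed for illustration. It assumes only that Slammer propagated over UDP port 1434 (the SQL Server Resolution Service), which the post itself does not state, and that the application tier talks to SQL Server on TCP 1433. The evaluator first asks whether an outside host can route to the destination at all, then applies an allow-list with default deny; the same default deny also stops an unrelated internal host from reaching the database port, which is what limits lateral spread inside the network.

```python
import ipaddress
from dataclasses import dataclass

# RFC1918 private space is not routed across the public Internet, so an outside
# host cannot reach such an address even if no filtering device is in the path.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr: str) -> bool:
    """True if addr lies in one of the three RFC1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


@dataclass(frozen=True)
class Rule:
    """One allow entry of a minimum-privilege policy: who may talk to what, and how."""
    src: str      # CIDR of permitted sources
    dst: str      # CIDR of permitted destinations
    proto: str    # "tcp" or "udp"
    dport: int    # destination port

    def matches(self, src: str, dst: str, proto: str, dport: int) -> bool:
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and proto == self.proto
                and dport == self.dport)


# Constructed topology (hypothetical addresses, not from the post):
#   10.0.1.0/24   application tier
#   10.0.2.30     SQL Server, on an RFC1918 address
# The only thing listed is the traffic that is known and required: the app tier
# querying SQL Server on TCP 1433. Everything else falls through to default deny.
ALLOW_RULES = [
    Rule("10.0.1.0/24", "10.0.2.30/32", "tcp", 1433),
]


def decide(src: str, dst: str, proto: str, dport: int, rules=ALLOW_RULES) -> str:
    """Return 'unroutable', 'allow' or 'deny' for a single flow.

    'unroutable': the source is outside RFC1918 space and the destination is
                  inside it, so the packet never arrives regardless of policy.
    'allow':      a listed rule matches.
    'deny':       nothing matched; access is blocked by default.
    """
    if not is_rfc1918(src) and is_rfc1918(dst):
        return "unroutable"
    for rule in rules:
        if rule.matches(src, dst, proto, dport):
            return "allow"
    return "deny"


if __name__ == "__main__":
    # Constructed sample flows; 198.51.100.7 stands in for an arbitrary outside host.
    flows = [
        ("Internet -> SQL Server, UDP 1434 (Slammer-style probe)", "198.51.100.7", "10.0.2.30", "udp", 1434),
        ("Internet -> SQL Server on a public address, UDP 1434",   "198.51.100.7", "203.0.113.30", "udp", 1434),
        ("App tier -> SQL Server, TCP 1433 (required traffic)",    "10.0.1.20", "10.0.2.30", "tcp", 1433),
        ("Other internal host -> SQL Server, UDP 1434",            "10.0.3.5", "10.0.2.30", "udp", 1434),
        ("App tier -> SQL Server, UDP 1434 (not required)",        "10.0.1.20", "10.0.2.30", "udp", 1434),
    ]
    for label, src, dst, proto, dport in flows:
        print(f"{decide(src, dst, proto, dport):<11} {label}")
```

The second sample flow is the case the post describes: a database host that has been given a public address and no filtering in front of it. Default deny still refuses the probe, but only because someone wrote the policy; the RFC1918 address removes the exposure even before a rule is consulted, which is why the reply calls it sufficient on its own.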