The ATLAS Dashboard has lately become my first page load of the day, together with the ISC from SANS, of course. It is interesting not only for the information about the attacks going on, but also because it puts the relative rates of occurrence of different threats in perspective.
You see, of the top 5 attacks on the Internet right now, 4 are related to Windows. Nothing new here. However, we find that they are exploiting vulnerabilities that are between 3 and 6 years old!
Come on, the top attack is related to a SQL Server buffer overflow from 2002!! And the fourth attack is related to an IIS vulnerability from 2000!!
The Security community is well aware of the need to:
- Patch!
- Block unwanted traffic from the Internet (that includes SQL, NetBIOS, SMB, etc.)
- Patch again!
Just by following these simple rules (which even a trained chimpanzee would be able to), nearly 100% of these attacks would be prevented, and the security guys would be able to focus on the really tough ones.
It's not superhackers we are up against 99% of the time. As they say, there is no patch for human stupidity.
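To make the second rule concrete, here is an added example (not from the original post) that takes constructed listener lines in the shape of `ss -lntu`/`netstat -an` output, picks out the services the post says to block (SQL Server, NetBIOS, SMB) that are bound to a non-loopback address, and drafts the iptables rules that would drop them on the Internet-facing interface. The interface name `eth0` and the sample listeners are assumptions.

```python
"""Added example: find Internet-reachable SQL Server / NetBIOS / SMB listeners
and draft firewall rules for them. Not code from the original post."""
from ipaddress import ip_address

# Well-known ports of the services the post names; anything else is left alone.
BLOCK_FROM_INTERNET = {
    ("tcp", 1433): "MS SQL Server",
    ("udp", 1434): "MS SQL Server Resolution",
    ("udp", 137): "NetBIOS name service",
    ("udp", 138): "NetBIOS datagram service",
    ("tcp", 139): "NetBIOS session service",
    ("tcp", 445): "SMB over TCP",
}

def parse_listener(line):
    """Parse one 'proto local-address:port' line into (proto, addr, port).
    IPv6 addresses may be bracketed, e.g. '[::]:445'."""
    proto, local = line.split()[:2]
    addr, port = local.rsplit(":", 1)
    return proto.lower(), addr.strip("[]"), int(port)

def exposed_services(lines):
    """Return the to-be-blocked services bound to a non-loopback address,
    i.e. reachable from outside unless a firewall stops them."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        proto, addr, port = parse_listener(line)
        if ip_address(addr).is_loopback:
            continue  # loopback-only listeners are not reachable from the Internet
        name = BLOCK_FROM_INTERNET.get((proto, port))
        if name:
            findings.append((proto, port, name))
    return findings

def firewall_rules(findings, iface="eth0"):
    """Draft iptables INPUT rules dropping each exposed service on the
    Internet-facing interface (iface is an assumed name)."""
    return [
        f"iptables -A INPUT -i {iface} -p {proto} --dport {port} -j DROP  # {name}"
        for proto, port, name in findings
    ]

# Constructed sample: SMB, SQL resolution and NetBIOS session are reachable,
# the SQL TCP listener is loopback-only, and the web server (80) is left alone.
SAMPLE = """tcp 0.0.0.0:445
udp 0.0.0.0:1434
tcp 127.0.0.1:1433
tcp 0.0.0.0:80
tcp 10.0.0.5:139
"""

if __name__ == "__main__":
    for rule in firewall_rules(exposed_services(SAMPLE.splitlines())):
        print(rule)
```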
Patching is often the wrong response. It often only fixes one small part of a service without regard to further potential bugs and provides a false sense of security. That is, if it doesn't break more while it fixes. The right response is to assure proper controls are in place and to only use hardened servers and services in hostile environments (like the Internet).
Blind patching is a problem like you describe, Pete. However, a good patch management process should take testing, regression bugs and proper risk assessment into account.
Proper controls? Of course, a proper Change & Configuration Management process and a Risk Management process go a long way.
Jacko