Servers around the globe were crippled last week by an insidious worm called "Slammer," which attacks Microsoft's SQL Server. Worms normally bring out empathy from network executives, but this time, there was none to be had.

My colleagues Jason Meserve and Denise Dubie scoured the show floor at ComNet in Washington, D.C., last week to get reaction from the network set. What they found was a critical group that blamed their peers for not installing a patch that would have prevented the worm from infecting their servers.

"It's on the user's side. If Microsoft didn't do anything, I'd put the blame on them, but this one is the users' fault," said Rich Johnson, network specialist with the Food and Drug Administration.

Johnson wasn't alone in his harsh words. On the television newscasts and radio programs, experts were quick to point out that network managers need to keep up with the patches.

Some would argue that there shouldn't be so many patches and that trying to keep tabs on them and download them to all the machines in the network is difficult.

Microsoft has published a page on the Slammer worm at http://www.microsoft.com/security/slammer.asp that gives details of how to block its effect on SQL Server.

Staying up to date on patches for all the programs you service is daunting, but most companies have e-mail lists for products that alert you when a service pack or update is available. Microsoft's e-mail sign-up page is at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/notify.asp .

Also, when it comes to security breaches, it's good to get to know the CERT site. CERT quickly issues advisories on fast-spreading worms and other vulnerabilities. View its advisory on the Slammer worm at http://www.cert.org/advisories/CA-2003-04.html . You can bookmark the advisory home page at http://www.cert.org/advisories/ .

"Network World" also has a Security and Bug Patch Alert newsletter, which is a compilation of reports and their fixes. You can sign up for the newsletter and track the archives at http://www.nwfusion.com/newsletters/bug/index.html .

Finally, you should keep up with the antivirus software company Web sites such as http://www.Symantec.com and http://www.McAfee.com . Both post alerts and suggestions to fix the issues they've found.

Symantec's Slammer page can be found at http://securityresponse.symantec.com/avcenter/venc/data/w32.sqlexp.worm.html .

McAfee has its own Slammer area at http://vil.mcafee.com/dispVirus.asp?virus_k=99992 .

The sites also tell you the level of risk the vulnerabilities pose to your network.

Do you have any sites you turn to for security information? Let me know at sgittlen@nww.com .

Related links
http://www.nwfusion.com/news/2003/0129reactions.html
Users react to SQL Slammer
Network World Fusion, 01/29/03

http://napps.nwfusion.com/compendium/archive/002233.html
Have your say in Network World Fusion's Slammer forum

Current Article

Motivating You - Network World digs deep into your work, career and free time

Past Articles

Your WAN: What's your next move? What you'll learn at Network World's WAN Technology Tour

Wireless: How far we have come - What to expect at Network World's WLAN Technology Tour

What's new about the New Data Center: How the concept of the New Data Center forces different thinking

2004: What do you need to know? - Your chance to help shape the Network World Technology Tour

What identity management can do for you: The importance of identity management

Mailbag: Who's minding the voice calls? A trick question

Mix 'n match storage: Not all data requires the same storage approach

Key to VoIP success? Training VoIP smarts

Who is responsible for securing voice calls over data lines? - Network and data managers must work together to ensure network integrity

Is your network view cloudy? - Storage: Shoring up your enterprise strategy

Six options for securing wireless LANs: Lessons from Network World's Security Technology Tour

Security and Storage: The perfect pair

Get savvy about SAML: Single sign-on with SAML

Standardizing IT skill sets: Your chance to help shape the standards for IT skill sets (05/14/03)

The art of consolidation: Consolidation is not an admission of defeat (05/07/03)

Reinforcing security: Network World Technology Tour focuses on corporate security (04/30/03)

The Day Two demands of VoIP: Taking voice-over-IP to the next level (04/23/03)

Instant messaging getting its due?: Instant messaging finds a home in the enterprise (04/16/03)

A powerhouse of CEOs in one room : Of Cisco, Linksys and Vortex 2003 (04/09/03)

How to survey your site for WLAN : Getting ready for WLAN in your enterprise (04/02/03)

Fooling spamers : Anti-spam tips from the Center for Democracy & Technology (03/26/03)

IEEE works on wireless access for riders on high-speed vehicles : Introducing IEEE's 802.20 spec (03/19/03)

Where will you spend your security dollars : What's the most important to you in security? (03/12/03)

What are your WLAN concerns?: Join our Wireless LANs Technology Tour (03/05/03)

Voice and video on the security scene: Identification via voice and skin recognition (02/26/03)

Is now the time for service level management?: What came out of the Service Level Management Tour? (02/19/03)

Setting limits: When to say "No" to end-users (02/11/03)

Keeping up with the patches: Resources to help guard against security attacks (02/05/03)

State of the state: Venture capitalists are cautiously optimistic about the future (01/29/03)

Demo: Who says innovation is dead? (01/22/03)

Inside Wireless LANs: Building and managing a well-integrated WLAN network (01/15/03)

Inside service-level management: A look at what Network World’s Technology Tour on SLM will offer (01/07/03)

Shaking the tree: The problems with voting systems (12/17/02)

Videoconferencing: Bring it on (12/11/02)

It’s not just about networks anymore: Extending enterprise applications (12/04/02)

Mailbag 2: Dial-up is (not) history (11/27/02)

Mailbag: Dial-up is dead (11/20/02)

Voting: A lesson in technology (11/13/02)

Dial-up is history: Hurray for wireless LANs (11/06/02)

Dial-up is history (10/30/02)

Inside the LAN (10/23/02)

Your WAN concerns (10/16/02)

Mobile interaction (10/09/02)

The Wireless World (10/02/02)

The State of IT Spending (09/25/02)

Let's talk VoIP (09/18/02)

Distance learning not all about distance (09/11/02)

What's the state of your WAN? (09/04/02)

Paperless society falls by the wayside (08/28/02)

Educating tomorrow's IT managers (08/21/02)

Educating tomorrow's IT managers (08/14/02)

Your work concerns (08/07/02)

All about You (07/10/02)

A tale of woe from the front line (07/10/02)

Your commitment to yourself (07/03/02)

Mailbag: Who should foot the training bill? (06/19/02)

Security: A tough nut to crack (06/12/02)

Training is up to you (06/05/02)

How valuable is training?(05/30/02)

Data prioritization: Not as easy as you think (05/22/02)

Keeping up with security (05/15/02)

Storage: The crux of business continuity (05/09/02)

IT training on the rise for 2003, NetSmart, 05/03/02

The allure of 3G, NetSmart, 04/24/02

RFPs: Get your money's worth, NetSmart, 04/10/02

Cisco exams tests real-world skills, NetSmart, 04/03/02

Wireless: The key to enterprise application integration?, NetSmart, 03/27/02

Are you ready for voice over IP?, NetSmart, 03/20/02

The value of communication, NetSmart, 03/13/02

Your thoughts on training and technology, NetSmart, 03/06/02

More vacation time or more certifications?, NetSmart, 02/27/02

Live demos: Could you do them?, NetSmart, 02/20/02

Take our learning "test" to help us help you, NetSmart, 02/13/02

Screaming for streaming media, NetSmart, 02/06/02

Mailbag: Ways to learn on a shoestring, NetSmart, 01/30/02

HIPAA's ripple effect, NetSmart, 01/23/02

Ways to learn on a shoestring, NetSmart, 01/16/02

Spring 2002 tour schedule, NetSmart, 01/09/02

Several ideas for finding internship opportunities, NetSmart, 12/21/01

How to get the best out of trade shows, NetSmart, 12/19/01

Internships make a comeback, NetSmart, 12/12/01

The longevity of skills, NetSmart, 12/05/01

The State of the LAN/MAN tour is underway, NetSmart, 11/28/01

State of the LAN/MAN seminars and resources, NetSmart, 11/16/01

Got Certification?, NetSmart, 11/14/01

Your thoughts on certifications, NetSmart, 11/07/01

Resources to help you decide if XP is right for you, NetSmart, 10/31/01

The benefits of short-term certifications, NetSmart, 10/24/01

A list of storage resources on the web, NetSmart, 10/15/01

Reviewing IT Budgets, NetSmart, 10/09/01

Local-based training options, NetSmart, 10/02/01

Disaster recovery, Part 2, NetSmart, 09/27/01

Help for disaster recovery planning, NetSmart, 09/20/01

The power of public speaking, NetSmart, 09/17/01

Tips for getting to know your colleagues, NetSmart, 08/21/01

Places to talk about tech online, NetSmart, 08/14/01

The fall lineup, NetSmart, 08/07/01

Salary survey shows certification boosts your pay, NetSmart, 07/31/01

Ease your concerns with training, NetSmart, 07/24/01

Summer vacation: A great training opportunity?, NetSmart, 07/19/01

Train the trainer, NetSmart, 07/10/01

The manager's role in training, NetSmart, 07/02/01

Project management is your best friend, NetSmart, 06/27/01

Tracking one network manager's journey to CCIE, NetSmart, 06/21/01

Practice makes perfect, NetSmart, 06/14/01

Training in two's, NetSmart, 06/07/01

Training isn't just about education, NetSmart, 05/30/01

Boot camps boost you network skills, NetSmart, 05/23/01

The many benefits of on-Site training, NetSmart, 05/16/01

Back to basics, NetSmart, 05/02/01