• United States
by Tim Wilson

Slammer worm highlights configuration management problem

Feb 05, 20033 mins
Enterprise ApplicationsSecurity

* Weak configuration management strategy could leave your company open to the next 'Net attack

Last week’s attack of the Slammer worm on the Internet sheds new light on a function that is often forgotten by internal IT staffs and their outsourcing firms: configuration management.

In case you’ve been in an isolation tank for the past week, here’s the story: on Jan. 24, a worm known as Slammer began spreading across the Web, infecting thousands of servers and bringing Internet performance to a crawl. The worm exploited a security flaw in Microsoft’s SQL Server software – a flaw that had been patched by Microsoft more than six months ago.

The worm is estimated to have infected more than 100,000 servers on the Internet – servers that, for one reason or another, had not installed the patch that Microsoft issued last year. While previous viruses, worms and distributed denial-of-service attacks have created new problems that no IT organization could have anticipated, the Slammer worm could have been prevented – or at least minimized – if administrators and outsourcers had simply kept up with their work.

It would be easy to lay off the Slammer problem on IT staffers and outsourcers who were lazy or apathetic, but such criticism is entirely unfair. The fact is that keeping track of the applications, operating system versions and patches installed on hundreds of machines – a function more broadly known as configuration management – remains one of the most difficult and time-consuming tasks faced by IT today.

The problem, in a nutshell, is that most IT administrators – even the more sophisticated outsourcing firms – still track configuration on a server-by-server basis. That is, the individuals responsible for a particular server might know what has been installed on it – and which patches have not been installed – but there often is no central means of collecting and updating configuration information across the enterprise.

This absence of comprehensive, centralized configuration management capability often leads to system failures and downtime as well as security breaches. Without configuration management capabilities, the IT systems administrator or outsourcer may not be aware of important changes made – or not made – to a given server. Yet a single unauthorized change to an operating system or an uninstalled security patch can lead to disastrous results.

Fortunately, there are some tools emerging that can help to consolidate and coordinate configuration management data. Several emerging vendors, such as Configuresoft and Ecora, are offering specialized tools that can help administrators and outsourcers spot problems in servers or desktops from a central point of control. Some enterprise management software vendors, such as Tivoli, also have made significant improvements to their configuration management applications in recent months.

Broadly, these configuration management tools collect data from servers and clients on a periodic basis to track the currency of applications and patches and monitor for recent changes. If a change occurs, or if a system shows up without the appropriate security patches, the configuration management tool will send an alert to the IT administrator or outsourcer to indicate the problem. Some configuration management tools also let the administrator or outsourcer make the appropriate fixes remotely.

In reviewing the capabilities of an outsourcing provider today, it is important to ask questions about how that provider handles the task of configuration management. If the provider does not have adequate tools to collect configuration data about the servers and clients it will manage, insist that these tools be implemented. If you don’t, you could find your company on the wrong end of the next Internet attack.