Don't ignore network level filtering
Posted Jan 30, 2003 10:05 UTC (Thu) by beejaybee
In reply to: Don't ignore network level filtering
Parent article: A look at the MS-SQL worm
Yeah. Nessus has been identifying the exploit for ages; despite at least three rounds of warnings, there were still some systems at my employer's site which weren't patched. I would estimate around 50% of the (not very many) hosts running MS-SQL-S were patched.
We had the foresight to filter incoming UDP on almost all ports at our site router and therefore were not directly hit by the outbreak.
Another point here - it's obvious that a high proportion of the sysadmins of the hosts running MS-SQL-S were not even aware that the service was running. Disabling services that aren't essential is as much a part of securing a system as keeping up to date with patches. This applies to _all_ operating systems; many out-of-the-box Linux systems are also running services they don't need to; Solaris systems seem to be totally infested with a huge raft of RPC services, many of which are a complete mystery to almost everyone!