It's been a tough year for Microsoft and its IIS. Several major vulnerabilities, a number of successful attacks against IIS servers, insurance companies charging a higher premium for IIS-based Web sites and Gartner recommending that "enterprises hit by both Code Red and Nimda immediately investigate alternatives to IIS" have all added to its misery. Yeah, go ahead, rip down all your IIS servers. Retool your Web applications from ASP to PHP or Perl. And do it now. That will surely be less painful than putting into place the proper patches, building a strong front end and doing a host of other things to put yourself on the network securely.
Seriously, unless you are in the very early stages of development, such a radical move will be very expensive and time-consuming, and, in many cases, far more expensive than it's worth. It's not reasonable to expect an organization to make such a radical change overnight. We hope cooler heads will prevail.
Here are critical steps you can take to minimize and handle successful intrusions that have nothing to do with the technology deployed on your network.
Make your security policy a living effort. If your security policy is collecting dust on a shelf, it's worthless. Start anew, involving people from all key departments. Figure out how your security policy can support your business plan while strengthening your security stance.
Institute an incident-response plan. Knowing who is responsible for what, knowing when to call in outside help, and knowing what steps to take to minimize your exposure and damage will provide everyone involved with a plan of action. The last thing you want to do is make snap decisions during a crisis.
Have a disaster-recovery plan -- even to the point of figuring out how to rebuild critical systems in the event of catastrophic loss.