Network Computing is part of the Informa Tech Division of Informa PLC

We Asked, You Told: Our Second Annual Reader Survey: Page 6 of 16

Although security was top-of-mind for much of the past year, enterprises hadn't yet been hit with the SoBig and Blaster worms when we fielded this survey. Still, 80 percent of respondents said they had been hit with virus/worm outbreaks. However, only 26 percent said they were the victims of exploitations of known vulnerabilities in packaged software, and 17 percent said the same of exploitations of unknown vulnerabilities in packaged software. Both represented a drop of around 10 percentage points from last year. We suspect the numbers would be far higher if the study were fielded now.

The Windows systems in use in the library at UMass at Amherst have been "hammered to death," says network specialist Hoogendyk. "We haven't gone a year without major, major attacks." Viruses and worms are a particular problem on college campuses like UMass because there are tens of thousands of students plugging into the network, and at the beginning of a semester, many are new users.

The campus response center took between two and five days to get back to users recently after the school was hit with the Nachi virus, Hoogendyk says. Now the campus IT department immediately closes any port on which a virus is detected, and students have to call the helpdesk to have their computers cleaned before the port can be reactivated. As the Unix administrator, Hoogendyk estimates he spends one day per week patching Unix servers and scanning security advisories. That investment has paid off: The Unix systems haven't been breached since 1999. "Knock on wood, it terrifies me," he says.

Although the research arm of Columbia University wasn't directly hit by the SoBig virus, users were inundated with mail from outside systems that had been infected. As a result, IT may take more control of user PCs to maintain mail filters and other defenses, Fries says. Previously, users were given a degree of freedom to experiment with their computers for research purposes.

After years of focusing on perimeter security for customer-facing Web systems, PepsiCo is shifting its attention to application security, network engineer Cleal says. The company is consolidating its authentication databases and adding single sign-on to track users while they shift from one application to another. "We want to know that John Smith was in this app at this time and did these things," Cleal says.