In my view, the Conficker worm provides a microcosm of the complexity of IT security and the pressing need for security best practices. Here are a few examples:
- Conficker reinforces the link between IT security and operations. Organizations with strong asset, configuration, and patch management processes were probably able to patch vulnerable systems before Conficker first appeared in November 2008.
- Conficker demonstrates the need for device authentication and port blocking. Conficker uses USB flash drives as a means for propagation. This should serve as a wake-up call to security professionals that USB drives can act as a modern-day “sneakernet” for spreading malicious code or stealing confidential data. Addressing these threats means limiting USB access to authorized drives (through means like the IEEE 1667 standard) while filtering all traffic that flows to or from USB drives.
- Conficker contains a password-cracking program that can break simple passwords like “1234” or “password.” This demonstrates the need for strong password enforcement, password management, and even multifactor authentication.
- Finally, Conficker is an extremely aggressive worm that looks for open file shares on the network to create yet another propagation method. Detecting this activity demands network traffic analysis and an understanding of normal versus anomalous behavior.
The rest HERE
This guy hit it right on the head! The poor security practices of many a company out there will be their undoing should Conficker actually do anything of merit. Why is it so many places do so little to really secure their environments? Why, when they are told how to secure and why they need to, do they do nothing or just a half-assed job at “Due Diligence”? Well, let's see what tomorrow brings… Well, nothing likely tomorrow, but give it a few days…
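The fifth point in the quoted list, spotting a host that sweeps the network for open file shares, comes down to counting how many distinct SMB peers a single source talks to in a short window. Here is an added example of that check over flow records; it is not code from the quoted article or from this post, and the flow lines, the 60-second window and the peer threshold are constructed assumptions to be tuned against a baseline of normal file-share use.

```python
"""Flag hosts that fan out SMB (TCP/445) connections to many distinct peers within a short window."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed flow log (not real traffic): "timestamp src_ip dst_ip dst_port"
SAMPLE_FLOWS = """\
2008-11-21T09:00:01 10.0.0.5 10.0.0.20 445
2008-11-21T09:00:02 10.0.0.5 10.0.0.21 445
2008-11-21T09:00:02 10.0.0.5 10.0.0.22 445
2008-11-21T09:00:03 10.0.0.5 10.0.0.23 445
2008-11-21T09:00:04 10.0.0.5 10.0.0.24 445
2008-11-21T09:00:05 10.0.0.5 10.0.0.25 445
2008-11-21T09:00:10 10.0.0.7 10.0.0.20 445
2008-11-21T09:00:11 10.0.0.7 10.0.0.20 445
2008-11-21T09:05:00 10.0.0.9 10.0.0.30 80
"""
SMB_PORT = 445
WINDOW = timedelta(seconds=60)  # sliding window length (assumption)
MAX_PEERS = 4                   # distinct SMB peers per window a normal host stays under (assumption)

def parse_flows(text):
    """Parse flow lines into sorted (timestamp, src, dst, port) tuples, skipping blank lines."""
    flows = []
    for line in text.splitlines():
        if line.strip():
            ts, src, dst, port = line.split()
            flows.append((datetime.fromisoformat(ts), src, dst, int(port)))
    return sorted(flows)

def find_smb_scanners(flows, window=WINDOW, max_peers=MAX_PEERS):
    """Return {src: peak distinct SMB peers} for sources exceeding max_peers inside any one window."""
    per_src = defaultdict(list)  # src -> [(ts, dst)] for port-445 flows only
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, events in per_src.items():
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:  # drop events older than the window
                start += 1
            peers = {dst for _, dst in events[start:end + 1]}
            if len(peers) > max_peers:
                alerts[src] = max(len(peers), alerts.get(src, 0))
    return alerts

if __name__ == "__main__":
    for src, n in find_smb_scanners(parse_flows(SAMPLE_FLOWS)).items():
        print(f"ALERT {src}: {n} distinct SMB peers within {WINDOW.seconds}s")
```

A host that legitimately mounts a couple of shares (10.0.0.7 above) stays under the threshold, while the source touching six different hosts on 445 in a few seconds is the one worth looking at.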