The recent Code Red and Nimda attacks have battered administrators as much as the networks they manage. Because both of these worms made use of known vulnerabilities that were simply not patched by administrators, we wondered whether the attacks have raised awareness of the importance of keeping software up to date. To find out, we asked TechRepublic members whether the Code Red worm affected how their organizations view and handle security. Read on to see what you and your peers told us.
Is management bankrolling better security?
There’s nothing like lots of publicity surrounding a nasty virus or worm like Code Red to catch the attention of upper management.
More than half of those who took our survey said their upper management became more aware of network security issues because of Code Red. It comes as no surprise, however, that fewer than a third of our respondents said that upper management loosened the strings of the corporate purse to fund better network security (Figure A).
Staying on top of current patches
One thing about Code Red: It shouldn’t have come as a surprise. Just shy of a month before the worm struck, Microsoft released a security fix that would have prevented infection by the first variation of the Code Red worm. Yet the worm managed to cut a fairly wide swath through the IT world.
Not every shop can afford to have someone tracking down fixes and patches on a constant basis, but after the trouble Code Red has caused, you can be sure more network administrators will be keeping an eye out for updates and patches in the future.
That sentiment is reflected in the results of our survey, which found that 15 percent of respondents are now checking, downloading, and updating or patching their servers on a frequent, regularly scheduled basis (Figure B).
After further review…
Many server programs appear to resemble Swiss cheese when it comes to security holes. Now, some administrators are looking more closely to see whether their policies have a similar appearance.
About half of those who took our survey say that they are either reviewing their security procedures or actively updating them in response to the Code Red worm.
Most network administrators report, however, that they feel confident in the security of their networks (Figure C).
Thanks for taking the survey!