Bugs are an inevitable problem in a sector where companies are driven by shareholders to rush out equipment before it is ready.
From a security perspective, this presents users with a huge problem. Empirical evidence suggests that the average device – whether it is a perimeter network resource such as a firewall or router, or a core device such as a server – has more holes in it than a piece of Gruyere.
One of the rarest but most devastating security vulnerabilities in host computers is the buffer overflow error, said Gary Jones, professional services manager of security consultancy MIS Corporate Defence Solutions.
The problem is that too many companies are not implementing patches in a structured way. “If you are running a corporate database, you cannot just slap on a patch when it is released,” he said. “You need some form of development environment and the patch must be tested first.”
Companies must also react to critical patches. If another aggressive internet worm appears, companies must be aware of it before they read about it in the press and they must be able to implement a patch quickly.
One solution is to have an employee checking newsgroups, supplier sites and bulletins to pick up on patches before the hackers do. Unfortunately, many companies are not in a position to pay this extra salary.
Common sense plays a big part in locking down your network vulnerabilities, but resources are also an important factor.
Virtual patching, where an intrusion detection system dynamically configures itself against threats, is the way to insure against unknown vulnerabilities.
More info: [url=http://www.computerweekly.co.uk/articles/article.asp?liArticleID=127212&liArticleTypeID=20&liCategoryID=1&liChannelID=7&liFlavourID=1&sSearch=&nPage=1]http://www.computerweekly.co.uk/articles/article.asp?liArticleID=127212&liArticleTypeID=20&liCategoryID=1&liChannelID=7&liFlavourID=1&sSearch=&nPage=1[/url]