Defense

We looked after about 3,000 to 3,500 endpoint devices. We were running Windows servers and clients, and we leveraged technologies such as:

  • Dameware Tools
  • Remote Desktop Protocol
  • GFI LanGuard
  • RPC/SMB/WMI
  • McAfee Antivirus

When the malware hit, it very rapidly knocked out about 50% of the estate. We were offline for around 3 days. See, it's an interesting tale: I worked in desktop support at the time. I was learning how to automate everything; from the moment a PC arrived I was trying to automate its lifecycle management. My friend Paul and I created unattended installations and kept trying to come up with inventive ways to standardize the environment using Group Policy. Software deployment was traditionally handled in a totally manual way, and we were trying to automate every core application and then all the major line-of-business apps. This was back in the year 2003. In August we had a nightmare on our hands: an SMB worm had entered the environment and was causing mayhem. For the technically minded, it was exploiting a vulnerability (CAN-2003-0352) which was patched with MS03-026.

This worm wasn't destructive: it didn't affect the integrity of the systems, but it did cause massive availability issues. We also had no easy way of fixing the environment; the AV vendor's tools weren't effective, and we were looking at a major headache. On day 3 my script was complete and my manager asked me the vital question… "does it work, Dan?"

Not long after, we had computer startup scripts, logon scripts and in-house scripted WMI-based network scanners running to clean up the malware and patch all the systems. This was my first experience of a major malware incident. That was a long time ago now. The sad thing is that the world hasn't changed an awful lot when it comes to technology management. We have amazing tools and great technology, and things can be different, but largely they are not. Why is this? What does it take to make humanity change its approach to technology deployment, or are we simply doomed to walk the same path over and over again? Luckily I have hope: there's a world of bright, motivated and passionate people who are desperate to enter the cyber world and secure all the things. Perhaps it's time we let them?
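As an added illustration (not the author's or Paul's script, which the post does not reproduce), here is the kind of WMI-based patch-state check the scanners described above would have run, written in modern PowerShell rather than the VBScript of the day. It assumes administrative rights on the targets, that WMI is reachable over DCOM, and that the MS03-026 fix is listed in Win32_QuickFixEngineering under its hotfix ID, KB823980; the hosts.txt file in the usage note is hypothetical.

```powershell
# Added example, not the original 2003 script. Reports which hosts have the
# MS03-026 hotfix (KB823980) installed by querying the same WMI class an
# in-house scanner of that era would have used: Win32_QuickFixEngineering.
# Assumptions: admin rights on every target and WMI reachable over DCOM.

function Test-Ms03026Patch {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        # KB823980 is the hotfix ID that the MS03-026 update installs.
        [string]$HotFixId = 'KB823980'
    )

    # DCOM rides on the RPC endpoint mapper (TCP 135), the very service the
    # worm attacked, so a host that does not answer may already be down.
    $dcom = New-CimSessionOption -Protocol Dcom

    foreach ($computer in $ComputerName) {
        $result = [ordered]@{
            ComputerName = $computer
            Reachable    = $false
            OSVersion    = $null
            Patched      = $null
            Error        = $null
        }
        try {
            $session = New-CimSession -ComputerName $computer -SessionOption $dcom -ErrorAction Stop
            $os = Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem -ErrorAction Stop
            $result.Reachable = $true
            $result.OSVersion = $os.Version

            # One row per installed hotfix; an empty result means unpatched.
            $fix = Get-CimInstance -CimSession $session -ClassName Win32_QuickFixEngineering `
                       -Filter "HotFixID='$HotFixId'" -ErrorAction Stop
            $result.Patched = [bool]$fix
            Remove-CimSession $session
        } catch {
            # Keep the failure reason so unreachable hosts are visible in the report.
            $result.Error = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

# Usage (hosts.txt is a hypothetical one-hostname-per-line list):
# Test-Ms03026Patch -ComputerName (Get-Content .\hosts.txt) |
#     Where-Object { $_.Reachable -and -not $_.Patched } |
#     Format-Table ComputerName, OSVersion
```

The caveat a practitioner would want: this scan needs the same RPC port open that the worm exploited, so it should run from a trusted management host after perimeter and host firewalls have been tightened, and a "not reachable" result deserves a follow-up rather than being read as "fine". The check only tells you who still needs the patch; pushing the patch itself was the startup-script part of the clean-up.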
