[HSC-Unix] SQL Slammer-Final Update

Petrie, John F., III PETRIE at uthscsa.edu
Mon Feb 3 15:21:04 CST 2003


All TSRs and System Administrators,

 

I wanted to take a moment to thank all of you for your diligence and
dedicated work implementing information security measures over the last
year.  

 

The most recent 'SQL Slammer worm' attack, January 24 through January 27, is
a sober reminder that we, as technology representatives and computer
professionals, can never let our guard down.  Information Security is
inherent to every task we do, and crosses all business functions of the
University.

 

Your efforts paid off in "real" savings.  I am happy to report that this
University had no (zero) infections of the 'SQL Slammer worm' on campus. We
found 12 systems that were vulnerable (either SQL server or MSDE desktop)
within our enterprise.  We have since contacted the administrators or TSRs
responsible for those systems, and they have been patched or are in the
process of being patched.  

 

This worm was a memory resident worm, and was non-destructive in nature.  It
did, however, create a firestorm of internet traffic, at such volumes, that
almost all organizations experienced some form of slowdown, or Denial of
Service (DoS) to/from their networks. This worm spread across the nation
faster than the 'Code Red' virus was able to.

 

This was a significant event and as high as 85% of organizations nationwide
were infected (to varying degrees) by this worm. 

 

UTHSCSA was part of 15% of organizations nationwide that were not infected.


 

The single most critical threat to our institution is (and remains) from
inside our enterprise.  You must continue to be vigilant, continue to stay
on top of patches, upgrades, hot fixes for the platforms that you control.
All of us must ensure that our virus engines are updated, and that we have
installed the most recent virus definition files on our systems. Virus
detection software should be present on all servers, regardless of OS.

 

We will be posting web links describing the event, locations of virus
updates, as well as graphical representations of the traffic patterns
created by the 'SQL Slammer worm' across the internet on our website:
http://infosec.uthscsa.edu/. This website can
only be accessed from a UTHSCSA IP address.

 

Your efforts are the reason UTHSCSA continues to succeed in mitigating the
threat to our information resources.

 

Thank you.

 

-john

John Petrie
Chief Information Security Officer
UT Health Science Center San Antonio
v: 210-567-0652
f: 210-567-2204
p: 877-379-0947
m: 210-325-4015
petrie at uthscsa.edu
