April 14, 2003, 8:57 AM — Three keys have emerged that organizations should study to be ready for the next major worm outbreak. These three key undertakings are preparation, planning and early warning. Just as Code Red, Nimda and Slammer surprised us all with their speed and tenacity, the next worm promises to be a bigger, faster and meaner cousin. Since we never know when the next bad boy is coming to town, we might as well get ready for the visit.
Preparation is the first line of defense against the coming onslaught. By now your organization should have a good idea of what your application architecture looks like and where the likely hot spots of infection are. You should also have a process for patching the exposed servers in the apparent order of danger, and a mechanism for obtaining and distributing patches around the enterprise.
Planning for the next worm is the second key step in defeating it. Your staff should be designing and implementing a procedure for informing the proper teams of administrators and for testing any changes to the network that might be required for mitigation. You should be preparing a plan for how your organization will react and what types of impact possible worms might have on your production environments. You should also be working with the disaster recovery and business resumption groups to design worst-case scenarios and appropriate responses.
Last, your team should be pursuing some type of mechanism for obtaining early alerts when the next event occurs. Whether this is done through traditional mechanisms, such as monitoring web sites like http://www.incidents.org, or through a commercial threat forecasting service, you should be well under way with mitigation before you learn of the event on CNN. Threat and vulnerability alerting services are available commercially, or could be implemented at little cost using a tool that monitors known web sites that follow such information.
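One way such a low-cost monitoring tool could work, as an added sketch that is not from the original article: it compares two fetched snapshots of an advisory page, ignores markup-only changes, and raises only the new lines that mention assets the organization runs. The watch list, the snapshots and all function names are constructed for illustration; fetching and scheduling are left out so the example runs offline.

```python
import hashlib
import re

# Constructed watch list (assumption): products and ports this organization exposes.
WATCH_TERMS = ["iis", "sql server", "udp/1434", "apache"]

# Constructed snapshots of a hypothetical advisory page, one polling interval apart.
OLD_SNAPSHOT = ("<html><body><h1>Advisory feed</h1><ul>"
                "<li>Port 80 scanning at normal levels</li></ul>"
                "<p>Updated 08:00</p></body></html>")
NEW_SNAPSHOT = ("<html><body><h1>Advisory feed</h1><ul>"
                "<li>Port 80 scanning at normal levels</li>"
                "<li>Sharp rise in UDP/1434 probes against SQL Server hosts</li>"
                "<li>New phishing wave reported</li></ul>"
                "<p>Updated 09:00</p></body></html>")

def normalize(html):
    """Strip tags and collapse whitespace so markup-only changes do not alert."""
    text = re.sub(r"<[^>]+>", "\n", html)
    lines = (re.sub(r"\s+", " ", ln).strip() for ln in text.splitlines())
    return [ln for ln in lines if ln]

def fingerprint(html):
    """Hash of the visible text; cheap to store per site between polls."""
    return hashlib.sha256("\n".join(normalize(html)).encode()).hexdigest()

def new_lines(old_html, new_html):
    """Visible lines that appear in the new snapshot but not in the old one."""
    seen = set(normalize(old_html))
    return [ln for ln in normalize(new_html) if ln not in seen]

def triage(old_html, new_html, terms=WATCH_TERMS):
    """Return (line, matched_terms) for new lines that mention a watched asset."""
    if fingerprint(old_html) == fingerprint(new_html):
        return []  # nothing visible changed since the last poll
    alerts = []
    for line in new_lines(old_html, new_html):
        hits = [t for t in terms if t in line.lower()]
        if hits:
            alerts.append((line, hits))
    return alerts

if __name__ == "__main__":
    for line, hits in triage(OLD_SNAPSHOT, NEW_SNAPSHOT):
        print(f"ALERT {hits}: {line}")
```

Keeping the watch list in step with the asset inventory from the preparation step is what makes the alerts actionable rather than noisy.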
By taking the time and making sure your organization has undertaken these three key items, you can be ready to respond to the next worm when and if it comes to your neighborhood. Using planning, preparation and an early warning system could mean the difference between late nights and long weekends or a casual, relaxed patching party that is well under control. The choice is yours, so make it wisely.