February 07, 2001, 4:00 PM — MICROSOFT CONFIRMED LATE Friday that its Web sites had been struck by a second round of DoS (denial of service) attacks and acknowledged that it "did not apply sufficient self-defense techniques" to key parts of its computer networks before last week's assaults began.
In a statement, Microsoft CIO Rick Devenuti said the software vendor "accepts full responsibility" for the inconveniences caused to users because of the DoS attacks. He added that "the painful lessons we've learned" have already prompted the company to make changes to its network architecture, including a deal with an outside firm to deploy a backup set of DNS servers for Microsoft's sites.
"In the past, Microsoft has focused on understanding and protecting against attacks on Microsoft products," Devenuti said. "Unfortunately, as we have learned over the last few days, we did not apply sufficient self-defense techniques to our use of some third-party products at the front end of parts of our core network infrastructure."
Security analysts had said earlier Friday, before the second round of DoS attacks came to light, that Microsoft should take a closer look at its security practices. In particular, the company faced questions about having all four of its DNS servers on a single network -- a setup that observers said was an inviting target for attackers.
Microsoft spokesman Adam Sohn today said the company has now arranged backup DNS servers for its Web sites through a "short-term deal" with Akamai Technologies, in Cambridge, Mass. One of the fastest lessons learned from last week's problems "was to go ahead and distribute our DNS [systems]" over several locations, he added. The cost and length of the backup deal were not immediately available.
Most of Microsoft's Web sites were inaccessible on three separate occasions last week. Friday's DoS attack followed a similar assault that disrupted the company's sites for much of Thursday. That, in turn, was preceded by a 22-hour outage that began late Tuesday and was blamed by Microsoft on a faulty configuration change made to the routers on its DNS network.
The Akamai-run backup servers were added last week in response to the initial outage, not the later attacks, Sohn said. Other changes could follow as Microsoft reviews its defensive strategies, he added, but nothing has been finalized yet. "I think we're a little too close to last week to know what final architectural decisions to make," Sohn said.
Devenuti said Friday's attack was less disruptive than the one the day before. Late Friday morning, users trying to access Microsoft's Web sites experienced "intermittent delays" during two 15-minute periods, he said, adding that all of the company's sites were back up and running in normal fashion by 3:30 p.m. EST.