Count On IT: André V. Mendes

Security: Viruses, Worms And Hackers, Oh My!

Nowadays, few issues raise more fear, and often irrational behavior, than the issue of cyber security. Each new virus outbreak feeds the hungry media machine until we all become paralyzed by our own paranoia and consider abandoning some of the efficiency improvements that are constantly redefining each and every industry.

Much like the reliability issues that I have addressed in my previous column, IT security in your broadcast environment is all about professional administration and, contrary to popular belief, almost completely independent from which platform you choose to deploy your applications.

PROFESSIONAL ENVIRONMENTS

The overwhelming majority of cyber-security media headlines are caused by massive viral and worm infections that affect tens of millions of personal computers throughout the world. These numbers are caused by the explosive growth in both the numbers of households that have computers and the fast establishment of ubiquitous Internet connectivity. When you combine the ease of use that these systems offer, with their relatively high powered processors and the realities of computer illiteracy present in most lay users, it becomes easy to see how millions of un-patched systems running several year-old versions of their respective operating systems become easy prey to hackers, spammers and other such noxious characters.

The same should not happen in professional environments. Whether you have 10 or 10,000 client systems in your organization, you need to insure that they are patched, with updated virus detection engines, updated signature files and protected by a properly managed firewall. You should also ensure that your end users understand the dangers present in today's environment and are educated enough to understand the dangers lurking in such trivial things as e-mail attachments. That is part of the cost of doing business and integral to professional IT management.

On the server side, we have also experienced tremendous growth in the number of small- and medium-sized companies that have taken advantage of the benefits of automation to maintain or achieve a competitive advantage. Millions of these businesses, including thousands of radio and television stations, have installed financial systems, manufacturing databases, customer tracking programs and myriad other computer applications without the benefits of end-to-end knowledge about the exigencies of running computing environments in this brave new world of total connectivity. Unlike their larger counterparts who have been using computing infrastructures for two or three decades and fully understand the capital and operational commitments necessary to safely extract all of the benefits of automation, these companies have, in the recent past, come to painfully understand the price of inadequate technological deployments.

Again, this should not happen in a professional environment. If proper client management is important, proper server management is crucial. The patch that would have rendered the "Slammer" virus totally inoffensive was available from the manufacturer eight months prior to the first known attack. Instead, we saw hundreds of mission-critical applications affected.

FEWER EXCUSES

Today, every server and operating system manufacturer offers a set of tools and information sources designed to disseminate the latest upgrades and patches for their products. These systems are becoming increasingly sophisticated and easier to deploy, so our excuses for not implementing them will become more difficult to defend as we go forward. While it is far easier to blame the manufacturers, we should recognize our responsibility to put into practice adequate measures to ensure the integrity of our systems.

It is rather easy to engage in facile diatribes about specific manufacturers. IT platform religious wars are legendary in both their intensity and the one-sidedness of their arguments, but any competent IT manager will tell you that all operating systems have vulnerabilities and exposures. Whether you are running Windows, Unix, Linux or anything else, you must constantly be on guard and up to date or you risk damage to your vital infrastructure. On the positive side, we seemed to have turned a corner. All major software manufacturers are now fully aware of the potential impact of security problems on their ongoing financial health and have now brought this issue to the top of their priority lists. Increasingly, ISPs and network equipment manufacturers are starting to incorporate detection and filtering tools into their everyday arsenal. In the long run, we will see these infection patterns and their related activity identified, and that traffic excised from the overall network prior to massive deployment-and that can only translate into a cleaner environments in the future.

In a lot of ways, there are tremendous parallels between the cyber epidemics that we have experienced in the last few years and some of the disease pandemics that we have seen repeated throughout history. When you combine a new faster transport mechanism, whether it is the Internet, an airplane or the Pinta, Nina and Santa Maria with a new pathogen like Mydoom, HIV, or influenza and you expose an unprotected population to this new disease, it can spread quite quickly and often with rather catastrophic consequences.

We should therefore learn from this body of medical knowledge and deploy preventive medicine, proper sanitation practices and widespread vaccination programs to prevent the spread of these new technological maladies. Practice safe computing so that you can count on IT!

André V. Mendes is the Chief Technology Integration Officer for PBS, based in Alexandria, Va. He can be reached c/o TV Technology.