Danger of Code Red Worm Still Lurks. Chilling Wake-Up Call Continues for Internet Security

How to Protect Your Web Server Against Attack

SAN JOSE, Calif., July 30 /PRNewswire/ — As Code Red Worm continues its defacement of Internet Web sites worldwide, it has brought a startling wake-up call that vividly demonstrates the true vulnerability of corporate and government Internet security infrastructures. That’s the bad news. The good news is that Code Red and future derivatives can easily be prevented.

The worm is still alive. According to the CERT Coordination Center, a continuing analysis of the Code Red Worm reveals it could still trigger tens of thousands of additional machines when Web site system clocks at midnight Greenwich Mean Time on Aug. 1 (8 p.m. July 31 on the U.S. East Coast) because the worm is triggered to attack vulnerable systems between the 1st and 19th days of a month. If systems clocks are off in target systems, then the actual attack dates will be increased, helping to further spread the worm. “A vital part of the success in defending against these attacks lies in installing the published patches,” said Lou Ryan, CEO of Entercept Security Technologies, a San Jose, Calif.-based server security firm. “However, for many security administrators, patching is such a difficult and time-consuming process that they simply don’t have the resources to stay on top of it. Hackers know that keeping up with patches is tough, and they exploit that fact. This gives them a huge advantage.

“It’s becoming increasingly critical that vendors develop and publish patches in a timely manner,” continued Ryan. “But, even then, security administrators can frequently delay in actually installing the patch. Not only does the creation of the patch take a long time but also, once the administrator finally gets the patch, it can take a while to get it fully deployed. All the while, you’re vulnerable. Therefore, even with effective patch management a ‘safety net’ is required.

“The recent ‘Code Red’ worm only scratches the surface of the security issues corporations are faced with today,” said Stuart McClure, president and CEO of Foundstone and co-author of the best-seller Hacking Exposed. “In theory, flawless deployment of patches would prevent these types of attacks, but the reality is that administrators are overburdened, and simply unable to keep up with the floor of patches. They need a safety net — something that stems the tide until they can apply security patches. Entercept’s ability to protect servers from known and unknown attacks provides that ‘safety net,’ reducing the odds of thee types of devastating attacks,” McClure continued. Entercept protects servers from known an unknown attacks in three layers: Http protection, Application shielding and OS protection — guarding all points of entry and preserving the integrity of servers and Web sites. Entercept is the only server protection software that proactively prevents attacks like the Code Red worm and will protect against other similar attacks in the future. Incidentally, Entercept’s customers were automatically protected against the Code Red worm.

“What organizations have been reminded of by the recent ‘Code Red’ worm attack,” said Ryan, “is that the hacking community is not going away anytime soon and that their exploits are becoming more complex and collaborative. Implementing a balanced and aggressive security strategy that will keep the enemy at bay combines patching and a preventative solution such as Entercept.”

About Entercept Security Technologies

Entercept Security Technologies develops server security products that prevent access to server resources before any unauthorized activity occurs. Entercept provides essential protection beyond the firewall by identifying attacks and instantly taking action to stop hacker attacks before they cause damage. The Web Server Edition, the latest Entercept product, offers unique protection for Web servers as well as applications. Entercept Security Technologies (http://www.entercept.com) is headquartered in San Jose, Calif., and can be reached by calling 408-576-5900, or toll-free at 1-800-599-3200. Entercept’s European offices can be reached by calling 44-208-387-5500. NOTE: Entercept is a registered trademark in the United States and other countries.