Basic security can help tackle Stuxnet



One important lesson IT managers can learn from Stuxnet is that it is a huge mistake to buy software with known hardcoded passwords, says John Pescatore, research vice-president at Gartner.

It is a good idea at system install to make sure all default passwords are changed, because it is often much easier then than trying to do it at a later stage, he says.

According to Pescatore, simply by keeping software applications, including browsers, up to date, avoiding default passwords, and making sure all portable media are controlled, organisations could substantially increase their defences, even against sophisticated malware like Stuxnet.

“Certainly, more proactive mechanisms such as intrusion prevention systems and network forensics would have been better, but those who got hit by Stuxnet really suffered from a lack of basic levels of security,” he says.

So Stuxnet is not something that borders on science fiction and applies to only a select few in charge of security for systems linked to critical national infrastructures. Rather, it is proof that the game is changing and that the stakes have never been higher.

Instead of burying their heads in the sand, IT security managers should recognise that Stuxnet is relevant to every one of them.

At the very least, Stuxnet is a call to action to ensure that basic security principles such as system configurations are covered, supported by continual updates to user education programmes, defence strategies, software applications, and incident response plans.


This was first published in November 2010

