Feature

Basic security can help tackle Stuxnet

One important lesson IT managers can learn from Stuxnet is that it is a huge mistake to buy software with known hardcoded passwords, says John Pescatore, research vice-president at Gartner.

It is a good idea at system install to make sure all default passwords are changed, because it is often much easier then than trying to do it at a later stage, he says.

According to Pescatore, simply by keeping software applications, including browsers, up to date, avoiding default passwords, and making sure all portable media are controlled, organisations could substantially increase their defences, even against sophisticated malware like Stuxnet.

“Certainly, more proactive mechanisms such as intrusion prevention systems and network forensics would have been better, but those who got hit by Stuxnet really suffered from a lack of basic levels of security,” he says.

So Stuxnet is not something that borders on science fiction and applies to only a select few in charge of security for systems linked to critical national infrastructures. Rather, it is proof that the game is changing and that the stakes have never been higher.

Instead of burying their heads in the sand, IT security managers should recognise that Stuxnet is relevant to every one of them.
At the very least, Stuxnet is a call to action to ensure that basic security principles such as system configurations are covered, supported by continual updates to user education programmes, defence strategies, software applications, and incident response plans.



This was first published in November 2010

 
