Delegates at the annual meeting of user group The Infrastructure Forum (Tif) last week were told that IT infrastructure managers should act to correct major security flaws in most network management systems.
Tif members are trying to alert their boards to the true scale of the business threat posed by major security weaknesses in the ubiquitous Simple Network Management Protocol (SNMP), which came to light earlier this year.
IT directors from FTSE 500 companies discussed the threat to business at the Tif conference. Jonathan Mitchell, chairman of Tif, said, "The vulnerability is real and more wide-ranging than before - Tif is encouraging preparedness."
The conference heard that the weakness is similar to the vulnerability in Microsoft's Internet Information Server (IIS), which was exploited by the Nimda virus last year. The danger is that buffer overflow attacks will be used to allow hackers to take control of companies' servers.
This raises the spectre of multiple-access attacks via all forms of entry - even private branch exchange telephone networks - and of "sleeper" attacks where, once inside a network, a virus lies dormant until triggered at a later date. "Nimda had no destructive payload but the next attack could," said one attendee.
Tif members were warned to be methodical about patching Microsoft IIS and SNMP systems, giving priority to external links, such as firewalls and routers, followed by mission-critical systems.