GOVERNMENT TECHNOLOGY/Simple patchwork
Any worm that spreads across computer networks has the potential to damage business productivity and revenue generation — and government businesses are not immune. When the Blaster (or Lovsan) worm spread through computer networks in August, among those affected were the Maryland Motor Vehicle Administration, which had to shut down 23 of its offices, and Philadelphia, whose employees were knocked offline. In both cases, state and city employees lost hours, if not days, of productivity, and residents who needed to access government services were out of luck.
By the time this article is published, at least one new worm will have wreaked havoc on computer systems across the world. According to reports, the Blaster worm affected nearly 250,000 computers, and security experts predict that future worms will have more devastating results.
However, worm attacks are mostly preventable. For example, 31 days before Blaster appeared, Microsoft released a patch designed to protect computers from a worm like Blaster. The patch was followed by alerts from Microsoft, the Homeland Security Department and countless industry experts. If network administrators had heeded the warnings and installed the patch, the Blaster worm would have had a much smaller effect on systems and networks.
So why did so many computers remain unprotected? Many agencies still manage patches manually — a nearly impossible task considering that new patches surface daily. As a result, network administrators fall behind and fail to have the necessary patches in place when a worm or virus hits, causing administrators to scramble to patch or repair holes as best they can.
Additionally, many IT administrators feel they are bombarded with information on new vulnerabilities and patches every day. Knowing which fixes affect the systems in place and verifying patches takes time.
Those issues can be avoided with automated patch management systems. Agencies that use automated patching systems see fewer successful attacks and a significant decrease in network and system failures, lost productivity and liability risk. The systems can reduce the time spent patching because administrators can automatically scan for vulnerabilities, identify which systems require fixes and patch the systems and applications that need them.
Patch management tools also offer information to help users understand specific patches. Databases provide details on patches and allow users to add comments and logging histories to the patch information.
Government agencies are just as vulnerable to computer security attacks as private industry enterprises and consumer computer users. Not being able to renew a driver’s license or contact a city employee can be inconvenient, but there could be far more serious implications if a successful attack knocked out a government utility or public safety department.
Automated patch management has eliminated many security-management issues, so administrators no longer have an excuse to leave holes open for worms. With features to help users understand, test and apply the right patches, patch management tools can help agencies secure the computer systems, applications, data centers and networks that form the information backbone of the country.
The author is chief security architect for Roseville, Minn.-based Shavlik Technologies.
