<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	xmlns:creativeCommons="http://backend.userland.com/creativeCommonsRssModule">

<channel>
	<title>Security Ripcord &#187; Disaster Recovery</title>
	<atom:link href="http://www.cutawaysecurity.com/blog/archives/category/disaster-recovery/feed" rel="self" type="application/rss+xml" />
	<link>http://www.cutawaysecurity.com/blog</link>
	<description>Cutaway's Observations, Opinions, Rants, Raves, Tantrums, and Tirades</description>
	<lastBuildDate>Tue, 01 Jun 2010 15:17:09 +0000</lastBuildDate>
	<generator>http://wordpress.org/?v=2.9.2</generator>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<creativeCommons:license>http://creativecommons.org/licenses/by-nc-sa/3.0/</creativeCommons:license>
		<item>
		<title>Conficker/Downadup &#8211; Securing The Internet</title>
		<link>http://www.cutawaysecurity.com/blog/archives/424</link>
		<comments>http://www.cutawaysecurity.com/blog/archives/424#comments</comments>
		<pubDate>Tue, 20 Jan 2009 05:38:54 +0000</pubDate>
		<dc:creator>cutaway</dc:creator>
				<category><![CDATA[Disaster Recovery]]></category>
		<category><![CDATA[Incident Response]]></category>
		<category><![CDATA[Malware]]></category>
		<category><![CDATA[Management]]></category>
		<category><![CDATA[Security]]></category>
		<category><![CDATA[Conficker]]></category>
		<category><![CDATA[Downadup]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[Security Ripcord]]></category>

		<guid isPermaLink="false">http://www.cutawaysecurity.com/blog/?p=424</guid>
		<description><![CDATA[I have to say one thing for the rash of Conficker/Downadup infected systems that are plaguing businesses around the world:  This malware is helping the overall security of the Internet.
Once we are past this round of malware it will definitely be harder to propagate a mass infection.  Scoff if you will, but I am serious.  [...]]]></description>
			<content:encoded><![CDATA[<p>I have to say one thing for the rash of Conficker/Downadup infected systems that are plaguing businesses around the world:  This malware is helping the overall security of the Internet.</p>
<p>Once we are past this round of malware it will definitely be harder to propagate a mass infection.  Scoff if you will, but I am serious.  I admit that this worm is <a title="Calculating the Size of the Downadup Outbreak" href="http://www.f-secure.com/weblog/archives/00001584.html" target="_blank">building a very large network of infected systems</a>.  But for those businesses that are addressing this malware attack they are discovering the weaknesses within their infrastructures and response techniques.  The down-times associated with locked accounts, offline servers, disrupted services due to network traffic saturation, poorly implemented / broken patch management capabilities, broken backup procedures (BTW, are your backups infected?), etc., are helping the information technology staff justify their recommendations to fix these issues.  Whether the recommendations were already in place or are now forthcoming is really irrelevant.  The fact is that once businesses start adding up the costs associated with the response to this malware, executives should start taking notice of the potential return on investment (gasp, Security ROI &#8211; oops, please don&#8217;t start THAT conversation AGAIN) of their network security and management technologies.</p>
<p>I am certainly not saying that after this malware tumbles off into the distance that there will not be another instance of a mass infection.  What I am saying is that because of the Conficker/Downadup malware, many organizations are going to be better prepared to avoid, limit, eradicate, and return to business as usual.  This will, in turn, reduce the number of infected systems and the speed that new malware propagates across the Internet.  I wish I could also say that this will help other non-business computers such as those owned by schools, non-profit organizations, home-users, and [add your own choice here], but that is, unfortunately, just not the case.</p>
<p>One thing I can recommend is that IT staff and management take advantage of this situation and make their recommendations quickly with an emphasis on prioritization.  Recent disasters have shown how short-lived memories associated with purchasing and implementing protections associated with business continuity and disaster recovery can be.  Determining which technologies will give you the most bang for your buck while also increasing your infrastructure&#8217;s preparedness with an emphasis on reducing the gap between an incident and the organization&#8217;s initial response is key.  Organize the rest of your list with these issues in mind.  Hopefully, you will get the number one priority on your list.  But if your list is not prioritized you may be stuck with a box of stuff that will leave you scratching your head and wondering how it is going to help future incident responses and general business requirements.</p>
<p>Go forth and do good things,</p>
<p>Don C. Weber</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cutawaysecurity.com/blog/archives/424/feed</wfw:commentRss>
		<slash:comments>4</slash:comments>
		</item>
		<item>
		<title>Incident Response and Disaster Recovery Plan SDLC</title>
		<link>http://www.cutawaysecurity.com/blog/archives/320</link>
		<comments>http://www.cutawaysecurity.com/blog/archives/320#comments</comments>
		<pubDate>Thu, 11 Sep 2008 03:59:45 +0000</pubDate>
		<dc:creator>cutaway</dc:creator>
				<category><![CDATA[Business Continuity]]></category>
		<category><![CDATA[Disaster Recovery]]></category>
		<category><![CDATA[Incident Response]]></category>
		<category><![CDATA[SCRUM]]></category>

		<guid isPermaLink="false">http://www.cutawaysecurity.com/blog/?p=320</guid>
		<description><![CDATA[There, I said it.  If you are developing an Incident Response Plan, Business Continuity Plan, Disaster Recovery Plan, or any other important plan for that matter, you should consider utilizing some type of development life cycle.  In the title I refer to SDLC which could stand for Software or System Development Life Cycle depending on [...]]]></description>
			<content:encoded><![CDATA[<p>There, I said it.  If you are developing an Incident Response Plan, Business Continuity Plan, Disaster Recovery Plan, or any other important plan for that matter, you should consider utilizing some type of development life cycle.  In the title I refer to SDLC which could stand for Software or System Development Life Cycle depending on who you are.  But for this let&#8217;s go with System Development Life Cycle (SDLC).</p>
<p>Now I am not going to map this all out for you.  There are plenty of resources out there and, frankly, I am just too tired right now.  But I will tell you that each of these aforementioned plans requires that your organization defines your requirements, designs a solution, develops the solution, implements what you have, tests everything, and then maintains the plan.  Of course you do not have to follow the traditional <a title="Waterfall Model" href="http://en.wikipedia.org/wiki/Waterfall_model" target="_blank">waterfall</a> method as I have just described, but it is definitely a good place to start.  Actually, plans such as these would probably be better fitted by some type of group development strategy such as <a title="SCRUM" href="http://en.wikipedia.org/wiki/Scrum_(development)" target="_blank">SCRUM</a>.  This will allow you to identify the key personnel (Subject Matter Experts), managers (stakeholders), and end-users (and anybody else that can provide positive input) and use them to define the requirements for success and then allow the team to determine how to best achieve the stated requirements.</p>
<p>Where did all of this come from?  Well, Hurricane Ike is in the Gulf of Mexico and it was originally headed straight for Corpus Christi.  Once the possibility of landfall here in CC was announced the town exploded with activity, including my house.  Food, water, clean yard, clean garage, board up the windows.  All of these things became last minute necessities that took the better part of a day to accomplish nearly completely.  What I learned from this all is that you might have a good plan, or inherited a good plan, but if you do not continue with testing and maintenance then the plan is going to fail.  A couple of personal examples:  water filtering resources ran out of water, a run on plywood and particle board made many people wait for impending shipments to arrive, plywood coverings and their fastening locations warped over time making them hard or impossible to utilize, and more.  Small potatoes to a business but what about server power, alternate sites (are the buildings even still there?), backup management, location of personnel and their families, etc.  When was the last time that you have tested all of these?  Are your critical assets still the same?  What happens when you are backing everything up and you realize you have a security incident?  D&#8217;oh, two plans to follow simultaneously!!  Do you have the resources for that?</p>
<p>Using an SDLC will help you manage these plans better and ensure that when you do need them, they work.  Good luck.</p>
<p>Go forth and do good things,</p>
<p>Don C. Weber</p>
<p>(NOTE: Slightly updated from the original.  I was very tired when I originally wrote this and I just wanted to add a few more clarifying points and examples.)</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cutawaysecurity.com/blog/archives/320/feed</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>I Should Take My Own Advice &#8211; Before Disaster</title>
		<link>http://www.cutawaysecurity.com/blog/archives/22</link>
		<comments>http://www.cutawaysecurity.com/blog/archives/22#comments</comments>
		<pubDate>Sat, 08 Apr 2006 13:56:42 +0000</pubDate>
		<dc:creator>cutaway</dc:creator>
				<category><![CDATA[Business Continuity]]></category>
		<category><![CDATA[Disaster Recovery]]></category>
		<category><![CDATA[Security]]></category>

		<guid isPermaLink="false">http://www.cutawaysecurity.com/blog/archives/22</guid>
		<description><![CDATA[Recently I wrote about personal safety being the response of the individual.&#160; Well, after a power outage last night I realize that I am a little deficient in my business continuity procedures.&#160; Here is a list of things that I realized after the fact.

We were out of D-cell batteries.&#160; All but one of our flashlights [...]]]></description>
			<content:encoded><![CDATA[<p>Recently I wrote about <a href="http://www.cutawaysecurity.com/blog/archives/7" title="Personal Security Is YOUR Problem">personal safety</a> being the response of the individual.&nbsp; Well, after a power outage last night I realize that I am a little deficient in my business continuity procedures.&nbsp; Here is a list of things that I realized after the fact.</p>
<ul>
<li>We were out of D-cell batteries.&nbsp; All but one of our flashlights were dead.&nbsp; The one good thing was that I knew exactly where the flashlights were and they were accessible (which is a big feat with a 2.5-year-old in the house).</li>
<li>We only had one candle.&nbsp; No batteries and no flashlights means that there is going to be a need for another light source.&nbsp; Backup, backup light source as you might say.&nbsp; A household should have several candles in containers that will not drip wax as they burn, possibly through the night.&nbsp; Also, remember that heat rises so be careful where you locate these for long periods of time.&nbsp; Check what is above the candle and make sure it is not flammable.</li>
<li>We don&#8217;t have a cooler.&nbsp; Now that I don&#8217;t drink beer as much as I used to I never missed the cooler.&nbsp; With short power outages you don&#8217;t have to worry about the things in the fridge but the power was out for 10 hours last night.&nbsp; With a cooler I would have been able to put some of the necessities on some ice.&nbsp; Luckily we immediately identified that we should not open the fridge and it remained cold enough that we don&#8217;t have to throw anything away.</li>
<li>We went to sleep without extra blankets.&nbsp; Although the nights have recently been warm, the power outage was caused by strong winds as a cold front was blowing in.&nbsp; By the time I woke up I was cold.&nbsp; Although my wife and I are resilient our two children are another story and I should have paid closer attention to their needs.</li>
</ul>
<p>I am sure that I could have found plenty of other things that I had forgotten but as it was already late we just took the children to bed.&nbsp; One good thing that came out of the power outage is that I got ten hours of sleep.&nbsp; Now when is the last time that I could say that?</p>
<p>There was one other thing that I did before going to bed.&nbsp; I unplugged as many electronic items as I could easily get to in the dark.&nbsp; You don&#8217;t know if the power is going to come back on normally or if it is going to surge.&nbsp; Unplugging things will ensure that the equipment is not damaged and help limit the chance that a piece of equipment will start a fire.&nbsp; The fire danger is most important during power outages that occur at night because, well, you are asleep.</p>
<p>So, how can you protect yourself?&nbsp; Well a quick Google search on &#8220;<a href="http://www.google.com/search?hs=IhH&amp;hl=en&amp;lr=&amp;client=firefox-a&amp;rls=org.mozilla%3Aen-US%3Aofficial&amp;q=home+power+outage+checklist&amp;btnG=Search" title="Google, help me protect my home!">home power outage checklist</a>&#8221; is one way.&nbsp; <a href="http://www.ehow.com/how_7954_prepare-home-power.html" title="How to Prepare Your Home for a Power Outage">eHow&#8217;s list</a> definitely would have helped me.&nbsp; Of course the <a href="http://www.neighborhoodlink.com/pasadena/uphastranch/genpage/266744483.html" title="Power Outage Checklist">Upper Hastings Ranch Association&#8217;s list</a> points out that you should not use candles and stick with flashlights.&nbsp; It also points out that generators should be kept outside and not run indoors.&nbsp; This is very important and may seem like a no-brainer but it <a href="http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2005/09/27/MNG99EUI251.DTL" title="Rescue work on Gulf Coast -- 9 deaths">definitely happens</a>.&nbsp; Here is a good reference about the dangers of <a href="http://www.epa.gov/iaq/co.html" title="Sources of Indoor Air Pollution - Carbon Monoxide (CO)">Carbon Monoxide</a> from the <a href="http://www.epa.gov" title="EPA">Environmental Protection Agency</a>.</p>
<p>Cutaway</p>
]]></content:encoded>
			<wfw:commentRss>http://www.cutawaysecurity.com/blog/archives/22/feed</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
	</channel>
</rss>
