Novell Netware is showing up increasingly in @RISK. It is no longer protected by the presumption that it is not widely used; too many organizations have legacy installations of Netware that support executive staff and are ripe for industrial and nation-state espionage activities. In fact, there is an overall trend toward attacks against systems that are not patched through automated services like Microsoft's SMS. The @RISK editorial board will be starting a new section focusing on what works in protecting systems that cannot be easily patched. If you have implemented (or tried and discarded) any system or process to protect unpatched or unpatchable systems, please let us know. We'll keep your name and organization confidential. Email
apaller@sans.org.*
Here are a few more of the questions with which this new @RISK initiative will deal:
- What mitigation or defense-in-depth strategies lesson the burden of patching or help in situations where you are unable to patch?
- How to deal with/respond to critical vulnerabilities that are part of unsupported software for your organization?
- How to deal with unsupported/non-standard systems that are running applications and software which are vulnerable?
*Source: SANS @Risk Sept. 3 email newsletter.
