IRS Inoculates Against Blaster Using Electronic Distribution
The Internal Revenue Service used software distribution software from Tivoli Systems to protect thousands of servers and desktop PCs from the Blaster worm, which exploited a Microsoft Windows vulnerability discovered in July.
The IRS began its search for enterprise system management tools eight years ago, and spent about two years evaluating products. Six years ago, after a competitive evaluation of products from Tivoli, BMC and Computer Associates, the IRS selected Tivoli as its enterprise management tool suite.
The next three to four years were spent building and deploying the infrastructure.
"We have a large infrastructure," says Jim Kennedy, program manager, enterprise systems management for the IRS in Austin. The IRS is servicing 4,000 to 5,000 servers, and 125,000 desktops and laptops, about 30,000 of which are remote clients used by field agents.
After the IRS Computer Incident Response Center detected the presence of the patch in the environment on Aug. 12, the IRS stepped up the pace of Blaster patch distribution. Within nine or 10 hours, 50,000 systems had been fixed; the patch was expected to be fully distributed by day-end on Aug. 20.
Calculating the ROI of electronic software distribution compared to sneakernet, Kennedy says that, based on each manual update taking 40 minutes and a pay rate of $45/hour, the IRS avoids $30 in costs per distribution, for an estimated benefit of $1.5 million in this case alone.
Kennedy said the 4.1 version improves on its predecessors by broadcasting the distribution to any connected device, instead of a single push to a single workstation, as was the method of previous versions.
IBM has since repackaged Tivoli Software Distribution, combining it with Tivoli Inventory and renaming the product Tivoli Configuration Manager.
August 14, 2003