IRS Inoculates Against Blaster Using Electronic Distribution

The IRS successfully protected thousands of servers and desktop PCs from the Blaster worm, which exploited a Microsoft Windows vulnerability discovered in July, by using software distribution software from Tivoli Systems, an IBM company.

The IRS began its search for enterprise system management tools eight years ago, and spent about two years evaluating products. After a competitive evaluation between products from Tivoli, BMC and Computer Associates, six years ago the IRS selected Tivoli as its enterprise management tool suite.

The next three to four years were spent building and deploying the infrastructure.

"We have a large infrastructure," says Jim Kennedy, program manager, enterprise systems management for the IRS in Austin. The IRS is servicing 4,000 to 5,000 servers, and 125,000 desktops and laptops, about 30,000 of which are remote clients used by field agents.

Two years ago, the IRS began using the Tivoli Software Distribution product for pushing out software updates. After upgrading to the 4.1 version two months ago, the IRS was in a good position to distribute the patch made available by Microsoft on July 16 to protect against the Blaster worm. The IRS spent two weeks testing the patch, primarily conducting an impact analysis to see what effect the patch had on running applications.

After the IRS Computer Incident Response Center detected the presence of the patch in the environment on Aug. 12, the IRS stepped up the pace of Blaster patch distribution. Within nine or 10 hours from then, 50,000 systems had been fixed; the patch was expected to be fully distributed by day-end on Aug. 20.

Calculating the ROI of electronic software distribution compared to sneakernet, Kennedy says that, based on each manual update taking 40 minutes and a pay rate of $45/hour, the IRS avoids $30 in costs per distribution, for an estimated benefit of $1.5 million in this case alone.

Kennedy said the 4.1 version improves on its predecessors by broadcasting the distribution to any connected device, instead of a single push to a single workstation, as was the method of previous versions.

IBM has since repackaged Tivoli Software Distribution, combined it with Tivoli Inventory and renamed the product Tivoli Configuration Manager.