Is Change Control Making the DNS Problem Worse?
I won’t name them for obvious reasons, but I know multiple organizations that still haven’t patched their public DNS servers. In case you’ve been under a rock, US-CERT has released an advisory on the issue, which affects a large majority of the DNS implementations in use today. However, a patch has been available since the 22nd as well.
So, back to my original point: why haven’t these high-visibility organizations patched their DNS servers? Change Control. It’s as simple and complicated as that. The CCM process is so broken in most organizations that it can take weeks for standard changes and a week or more for so-called emergency changes. That makes the Internet a virtual buffet line for hackers looking to wreak havoc.
That begs the question: how do we make it better? CCM isn’t something that’s easily outsourced, as it usually involves a cross-functional team of existing resources. I think the answer is communication. Emergency changes need a requisite amount of approval; however, there needs to be a process in place to obtain that approval by multiple methods as quickly as possible. There’s the tie-in to UC. FM/FM and FMC offer solid solutions to streamline the CCM process for most enterprises.
no, alex, the reasons you won’t name them are NOT obvious, what gives?
Comment by gregorylent — July 27, 2008 @ 2:48 am