IT pros protect against Slammer

System administrators' role in protecting Australian enterprises against vulnerabilities has come to the fore with the outbreak of the recent SQL Slammer worm.

Andrew Hennell, president of industry organisation the System Administrators Guild of Australia (SAGE-AU), said the outbreak highlighted how much time companies allowed their systems administrators to spend on ongoing preventative maintenance.

While he said it wasn't an issue that some systems administrators had a dual role, which included acting as helpdesk operators, it was important that they got to spend enough time on maintaining a company's network security.

"In some companies they may have system administrators particularly looking at security...[but the] majority don't require a specific security sysadmin," Hennell said.

He believes that part of the problem is the priorities set by management, and how much time they allow individual system administrators to spend on tackling enterprise security. "The moment there's a problem everybody wants to know [the system administrator] and everyone wants you to fix the problem," he said.

"Often management pushes system administration to the background, or worse, while the systems are running fine, or worse they're retrenched to save money," Hennell said. "Then something like the SQL Slammer hits and the system administrators are called on to repair the damage immediately."

He warns that management often view the role of the system administrator as someone who performs regular backups and fixes things when they go wrong. The reality, Hennell believes, is that these staff should be empowered to anticipate and prepare for problems, even if they don't eventuate.

Nor is patching as simple as senior management may sometimes perceive. Hennell uses the example of a company he knows of which patched for SQL Slammer, only to find that this caused problems for staff using applications on one of their servers. "In that case the company was lucky it was an internal application, [so they were] able to firewall the machine off so it wasn't vulnerable."

Patches weren't always as simple as download, run, install and there it is, he added. "There may be dependencies on the machine, your users, your customers, other applications--all these things need to be looked at whenever you're applying the patch--it is a complex area for system administrators to be looking at."


Talkback 1 comments

    Why don't the companies ultima ...Anonymous -- 30/01/03

    Why don't the companies ultimately responsible for the vulnerability write a utility for IT use which in fact exploits (non destructively) the vulnerability, but through which IT can then identify those machines which need to be patched? MS have their own MBSA tool (Microsoft Baseline Security Analyzer) which is about an 80% solution.

    c:\WINNT\ExploitUtility.exe /scan=172.26.1.0-172.26.56.0 /mask=255.255.255.0 /smtp=172.26.8.39 {Enter}

    Plants a utility on machines (with the vulnerability) within the IP address range specified which then sends an SMTP message to IP saying "Hi I'm machine ABCD and I need to be patched due to vulnerability XYZ".
