Hacking activities are happening around us, from companies managing parking garages to Sony to Staples to whatnots.
I've read Schneier's article, which in essence tells us that there is no foolproof way to prevent hacking attempts.
I do reckon that "foolproof" in the IT field is nothing short of fairy tales, but still, I do think there ought to be ways, online and offline, that we can do, to at least cut down, to minimize, our companies' exposure to the (oft state-sponsored) hacking groups.
Any link (or links), suggestion, recommendation, whatever, that you guys (and gals) can share?
Is there any protection against SMB worms?
I've always considered SMB to be a steaming pile of crap for reasons that have nothing to do with security, and this incident just adds another steaming shovelful of manure to that pile. The best protection against SMB worms is not to use crap like SMB but pick something more secure instead, that is to say, if such an animal even exists. In that case you can either try to find a vendor who offers a similar product and does a better job of testing and patching it than Microsoft does, or go with an Open Source alternative, which gives you the option of hiring a third party to test and patch it to your satisfaction. Mind you, even if SMB is a pain to use, the problem does not necessarily have to be with Microsoft. The problem could actually be with your systems department being lazy and negligent about patching their SMB software, and the problem could also be with lax, amateurish or even nonexistent security policies, or, if you do have a proper security policy, the problem could be a complete failure to enforce it. In that case you really only have one alternative, and that is to light a fire under your people, fire them if they put up a fight, and hire some proper sysadmins and a security chief with the same attitude toward instilling professionalism and security awareness in your employees as a marine drill sergeant has toward making proper soldiers out of every batch of teenage drama queens he is handed by the recruitment office.