Comment Re:quantitative results on security measures ? (Score 1) 45
I do agree with how security measures are implemented being the important thing. However, I have two comments:
1. If a firewall was configured to allow port 1434 connections into the network, then the firewall did not fail when the SQL server got infected with slammer. The firewall did exactly as it was told.
2. It's not always the admin's fault when it comes to their machines not always having the latest patches. A lot of times patches cannot be applied to a machine because it will cause the applications on that machine not to work. A lot of the admins who might get blamed were the same ones on the phone with the developers of their applications pleading with them to get their software ms-service pack compliant (before sql slammer was even thought of).
1. If a firewall was configured to allow port 1434 connections into the network, then the firewall did not fail when the SQL server got infected with slammer. The firewall did exactly as it was told.
2. It's not always the admin's fault when it comes to their machines not always having the latest patches. A lot of times patches cannot be applied to a machine because it will cause the applications on that machine not to work. A lot of the admins who might get blamed were the same ones on the phone with the developers of their applications pleading with them to get their software ms-service pack compliant (before sql slammer was even thought of).
