PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
November 2003

How the Navy's isolation policy stopped the spread of the Welchia worm

Welchia, a variant of the Blaster worm, crippled the Navy/Marine Corps intranet, denying network connections to nearly 70,000 users. Yet, the rest of the Pentagon was spared from widespread infection because the Navy's intranet is segmented from other military departments. The Navy's isolation was more the result of Pentagon politics than good security planning. The different military departments and agencies have stovepipe infrastructures to maintain their independent identities. But the lesson is clear: Partitioning your network into trust zones helps contain malware outbreaks. Welchia was designed to remove the original Blaster worm, but its scans had the effect of a denial-of-service attack. The worm's activity put a heavy load on the Navy's infrastructure. Anomaly-based intrusion detection solution Peakflow, by Arbor Networks, proved an effective weapon in the Pentagon's battle with Welchia. When a switch heated up with an unusual load, the operations team shut down the hot port and quarantined the infection. The Pentagon's...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue