Are MCSEs Prepared for Code Red?
The SANS Institute says no. Microsoft begs to differ.
Code Red spreads onto IIS servers worldwide, is thwarted, mutates and reinfects. So far, the virus has recycled itself in this manner and seems to be getting stronger. Are MCSEs prepared to handle this problem. According to the SANS Institute, the answer is no. In a ComputerWorld
article this week("Microsoft MCSE training faulted," by Dan Verton, http://www.computerworld.com/storyba/
) SANS suggests in an e-mail campaign that the security portions of Microsoft's training and certification program inadequately prepares MCSEs to deal with this particularly pervasive virus.
Whether the SANS comments come off as truthful or clever marketing, the claim can infuriate those who've worked hard to achieve the MCSE upgrade. "The story is incorrect in its basic premise," says Keith Ward, senior editor at MCP Magazine who's currently going through his own upgrade. "Basic security is covered adequately. Is it in-depth? No way."
Adds Ward: "To truly become an expert in anything, you have to devote time specifically to that technology. That's not how I see the MCSE."
Training for the MCSE isn't specialized, but the emphasis on security within the MCSE curriculum is evident. As Dean Murray, Microsoft's director of courseware development, who also disagrees with the SANS comments, explains, "We provide two levels of security training. Appropriately trained MCSEs can deal with this problem. We went back into the courseware to see how we deal with security within the context of Code Red. We provide a high-level course, 2150. I'm of the opinion that the 400,000 MCSE out there don't need this level of training unless their jobs deal with architecting and designing a secure network."
Murray points out that within the context of Code Red, "it's a security vulnerability in IIS. Students in course 2295 [Implementing and Supporting Internet Information Services 5.0] go through the process of installing patches," as well as other processes, such as setting up a digital certificates, monitoring traffic, setting up secure VPN access. He also points out that the savvy admin doesn't even need extensive training to apply the patches, which have been available for months on Microsoft's Web site.
Kris Vezina, group manager of content development for Microsoft's exams, emphasizes that Microsoft's training group considers security of utmost importance. "The fundamental basis for adding security is a job task analysis we did in 1999. Security was the most important task [listed by MCSEs]."
To keep up with security vulnerabilities in Microsoft's products, Microsoft issues its Security Bulletin via e-mail. For months, Microsoft has made available updated IIS patches that deal with the Code Red virus. To subscribe to the security bulletin and get information the Code Red patches, go to http://www.microsoft.com/security/.
Michael Domingo is executive editor of MCPmag.com and hosts the Redmond Radio podcasts.