MS outages: Bad network design?

As Microsoft repaired the technical problems that prevented people from connecting to several of its major Web sites Wednesday, experts began criticizing one aspect of the software giant's network design that may have allowed the problems to occur.

"Someone should really be embarrassed," said Paul Robertson, director of vulnerability assessment at security service provider TruSecure.

Microsoft scrambled Wednesday to find and fix the problem that had made its marquee sites, including Microsoft.com, Hotmail.com, MSN.com and Expedia.com, unreachable since late Tuesday night.

Microsoft was not certain if a technical glitch or a hacker was responsible for the outage, but it narrowed down the actual cause of the errors to its DNS (Domain Name System) servers, which are responsible for translating text Web names--for example, Microsoft.com--into the numerical addresses they represent.

No backup systems
According to Robertson, Microsoft or its network provider Akamai--which the software giant apparently uses to distribute content across the Internet--failed to create backup systems for distributing the DNS information over the Net.

However, Akamai spokesman Jeff Young said late Wednesday that Microsoft had absolved the company of having any role in the outage. A Microsoft representative could not immediately be reached to confirm whether the company has cleared Akamai.

Instead, all of Microsoft's servers shared the same physical network--a security flaw waiting to explode, Robertson said. "It is a poor design choice to not hand out server addresses on different network blocks."

Other major networks, including America Online, Yahoo and Disney, have backup servers on different networks, minimizing the threat from a single Internet attack or outage.

Microsoft declined to comment on its network design.

DNS specialist Stuart Bailey, founder and chief technology officer of DNS server maker InfoBlox in Evanston, Ill., agreed with Robertson.

"The domain name system is the most widely deployed distributed database," he said. "It is recommended to spread around the different copies of your data. We don't see customers of that size putting all their servers on the same (network) segment."
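The design point Robertson and Bailey raise, that a domain's name servers should not all sit in one network block, can be checked mechanically. The sketch below is an added example, not code from the article or from any company named in it; the server names and addresses are constructed from documentation ranges, and treating a /24 (IPv4) or /48 (IPv6) as one "network block" is an assumption.

```python
import ipaddress
from collections import defaultdict

# Assumption: a /24 (IPv4) or /48 (IPv6) stands in for one "network block".
V4_PREFIX, V6_PREFIX = 24, 48

def block_of(addr):
    """Return the enclosing network block for one server address."""
    ip = ipaddress.ip_address(addr)
    prefix = V4_PREFIX if ip.version == 4 else V6_PREFIX
    return ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

def group_by_block(nameservers):
    """Map each network block to the name servers with an address in it."""
    blocks = defaultdict(set)
    for name, addrs in nameservers.items():
        for addr in addrs:
            blocks[block_of(addr)].add(name)
    return {blk: sorted(names) for blk, names in blocks.items()}

def assess(nameservers):
    """Return 'single-server', 'single-block' or 'diverse' for a zone."""
    servers = [name for name, addrs in nameservers.items() if addrs]
    if len(servers) < 2:
        return "single-server"
    blocks = group_by_block(nameservers)
    # Judge each address family separately: two blocks overall is not
    # diversity if every IPv4 (or every IPv6) address shares one block.
    for version in (4, 6):
        if len([b for b in blocks if b.version == version]) == 1:
            return "single-block"
    return "diverse"

# Constructed sample zones (RFC 5737 documentation addresses).
SHARED = {f"ns{i}.example.com": [f"192.0.2.{9 + i}"] for i in range(1, 5)}
SPREAD = {
    "ns1.example.com": ["192.0.2.10"],
    "ns2.example.net": ["198.51.100.10"],
    "ns3.example.org": ["203.0.113.10"],
}

if __name__ == "__main__":
    for label, zone in (("shared", SHARED), ("spread", SPREAD)):
        print(label, assess(zone))
        for blk, names in group_by_block(zone).items():
            print("  ", blk, names)
```

Addresses in different blocks can still depend on the same upstream router or provider, so a "diverse" result here is a necessary condition, not proof of independent paths.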

Bailey's company produces DNS servers for corporations and large organizations that need to have guaranteed service.

That might be something Microsoft will want. Wednesday's damages may add up to millions of dollars and a great deal of embarrassment, but the problems could have been worse, said TruSecure's Robertson.

Without reliable access, customers needing information and patches are out of luck.

"If a major security incident happened today, this would have been a disaster," he said.
