This week Etienne Greeff, professional services director, MIS Corporate Defence Solutions, underlines the importance of regularly updated patches to protect internet-based email.
Last month a major vulnerability in Sendmail was revealed - a problem that many overworked administrators have yet to fix.
As Sendmail carries between 50 and 70 per cent of all internet email, this flaw could mean hundreds of thousands of machines will need to be patched.
If patches are not applied, the internet could be left facing a network security 'perfect storm', as hackers develop new attacks based on the vulnerability.
Recent big security nasties, including Slammer and Bugbear, have driven home the dangers of the hybrid threat.
A hybrid threat is essentially a 'canned hack' that targets a known vulnerability, and spreads using traditional virus techniques.
Past vulnerabilities and subsequent attacks have focused on less critical and less prevalent servers, including the recent attack against Microsoft SQL servers.
The fact that there is a large population of vulnerable servers out there increases the danger of a hybrid threat.
But it will be a number of weeks before we know if there is going to be any widespread damage.
In the case of Slammer, the outbreak happened more than six months after the vulnerability was discovered.
It really depends on whether someone with too much time on their hands decides to try to write malicious code that will exploit the vulnerability.
If they do, depending on what and whom they target, it is possible they will bring internet-based email to its knees.
As a business tool, email is critical for most corporations, so downtime for longer than a few minutes is not an option.
If the Sendmail vulnerability does strike in a significant way, it is likely that IT managers are going to be faced with the harsh reality of having to take down these servers until they can be secured.
Businesses need to wise up to the fact that if they are running internet-facing servers there will always be security issues and potential compromises.
They need to put in place strategies to take into account that there will always be an inherent risk, even if the nature of that risk - or where and when it will be present - is not understood.
One approach is to return to the notion of the consistent Demilitarised Zone (DMZ). This is where mail servers are positioned in specific zones and are restricted from connecting to any internal machines.
If this is done, the impact of any compromise is contained within the zone, impeding the spread of the threat.
But all too often DMZs are merely positioning exercises, and are not supported with rules on the firewall to complement the position.
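The gap between a DMZ that exists only as a network position and one that is enforced by firewall rules can be checked mechanically; the following is an added example, not part of the original article. It assumes a simplified first-match rule model with a default verdict, and all addresses, ports and rule sets are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str           # "allow" or "deny"
    src: str              # source network, CIDR
    dst: str              # destination network, CIDR
    port: Optional[int]   # destination port; None matches any port

def decide(rules, src_ip, dst_ip, port, default="deny"):
    """Verdict for one new connection under first-match rule evaluation."""
    s, d = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for r in rules:
        if (s in ipaddress.ip_network(r.src)
                and d in ipaddress.ip_network(r.dst)
                and r.port in (None, port)):
            return r.action
    return default

def audit_dmz(rules, dmz_hosts, internal_hosts, ports, default="deny"):
    """List every DMZ-to-internal flow the rule set would let through."""
    return [(s, d, p) for s in dmz_hosts for d in internal_hosts
            for p in ports if decide(rules, s, d, p, default) == "allow"]

# Constructed sample data: addresses, ports and rules are illustrative only.
MAIL = "192.0.2.25"                      # mail server in DMZ 192.0.2.0/24
INTERNAL = ["10.0.0.5", "10.0.1.10"]     # hosts on the internal LAN
PORTS = [22, 445, 1433]

# "Positioning exercise": the server sits in a DMZ subnet, but nothing
# stops it from opening connections to the internal network.
POSITION_ONLY = [
    Rule("allow", "0.0.0.0/0", "192.0.2.25/32", 25),   # inbound SMTP
    Rule("allow", "192.0.2.0/24", "0.0.0.0/0", None),  # DMZ may go anywhere
]

# Rules that complement the position: DMZ -> internal is denied before
# the narrower outbound-SMTP allowance is reached.
CONTAINED = [
    Rule("allow", "0.0.0.0/0", "192.0.2.25/32", 25),   # inbound SMTP
    Rule("deny", "192.0.2.0/24", "10.0.0.0/8", None),  # DMZ must not reach LAN
    Rule("allow", "192.0.2.25/32", "0.0.0.0/0", 25),   # outbound SMTP only
]

if __name__ == "__main__":
    for name, rules in (("position-only", POSITION_ONLY), ("contained", CONTAINED)):
        print(name, audit_dmz(rules, [MAIL], INTERNAL, PORTS))
```

An empty result means that a compromised mail server cannot open connections to the sampled internal hosts, while mail delivery in both directions still works.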
As with any vulnerability, this points to the importance of patching servers and making sure they are kept up-to-date.
But, for network administrators, this process is becoming an unrelenting wave of patches that need to be sorted through.
Most network administrators will admit that their networks are not fully updated with security patches.
There are a couple of things that can help to take the pressure off administrators and ensure that servers are as secure as possible.
One possible course of action is to deploy a filter to sort the wheat from the chaff with patches.
This allows administrators to list servers relevant to their network and, when a patch is released, the filter will automatically check to see if it is relevant for the specified servers.
If a patch is applicable the real challenge starts, as administrators need to assess the impact of applying the patches to business-critical servers, arrange for downtime, identify the locations of the servers and arrange for logical access to them.
This complexity possibly explains why most networks are not up-to-date with the latest security patches.
Configuration management tools can also aid in the control of these types of attacks. Because they look for changes to critical servers, they can help speed up response and hence reduce damage.
And intrusion prevention systems, essentially in-line intrusion devices looking at traffic entering the network, are emerging.
One of these with up-to-date signatures affords an administrator time to put the internal network's affairs in order.
As always, these vulnerability alerts serve to jolt businesses from their semi-comatose approach to IT security.
Unfortunately, even though experts advise repeatedly on the necessity of due diligence and increased vigilance, each jolt seems not quite hard enough to bring them to their senses.
But if email disappears? Maybe that will be the wake-up call to galvanise them into action ... if rather too late.