Patching and Updates
The idea that patching and updates follows the backup section is not an accident. While patching and updating your systems is strongly recommended, many IT professions have concerns about rolling out newly released software to servers and devices.
Undoubtedly, there have been times when some patches and or updates have cause issues or even wreaked havoc in computing environments. However the enormous need for security largely outweighs the possibility of a cyber attack due to an un-patched system.
Many IT professionals deploy updates in stages or waves. If your servers are categorized by functionality i.e. web, mail, database, etc, rolling out updates based on category may be a good strategy. Another way to categorize servers for patch deployment is by utilization i.e. production, development and test.
Many IT professions deploy Windows updates to desktops based on Active Directory Organization Units. Depending on how AD is structured, this can be an good strategy for gradually rolling out patches and security updates.
Some good utilities for patch and security update deployment include SCCM and WSUS. Remember to include your remote devices as well.
Patches and updates should be regularly scheduled. It’s good to configure monitoring and logging tools to alert your team of needed and required patches or updates.
If snapshots have been implements, these are a great tool for rolling back systems or files if ill affected by a security update or patch. Again, a good backup solution and policy can save the day.
SSL Certificates
As discussed in the cyber security section, a SSL certificate ensures the data being communicated between browsers and servers is encrypted. It’s a good idea to consider SSL certificates for other appliances as well. Devices such firewalls and mail appliances can be made more secure by implementing SSL certificates. If you require assistance or support with integrating SSL certificates into your network, please do not hesitate in contacting www.Danntech.Net.
End Point Security
As we discussed in the cyber security section, centralizing end point security is a good practice. Centralized desktop anti-virus and Mobile Device Management solutions are strongly suggested to help keep mobile devices secure and safe from threats.
Again, I cannot stress enough the enormous need to educate your end user community about cyber security and safe computing. As some staff member’s laptop, phones and tablets are accessing the Internet more than servers or other pieces of equipment, the need to keep mobile devices secure is urgent.
It’s also good to have reporting enabled or configured to create incidents or tasks for resolving anti-virus issues.
Mail and Messaging
In the fast pace world of today, many of us depend on e-mail and messaging heavily. In some cases, e-mail going down or being unavailable can bring business to a halt.
With that said it’s good to understand your mail and messaging systems. Know the components and how the mail flows. When you create network diagrams, your mail messaging system is an excellent place to start.
If your organization is currently using an on-premise mail system, I strongly suggest migrating to a hosted mail service such as Office 365. If you’re interested in learning more about migrating to Office 365, contact us at www.Danntech.net.
VPN and Remote Access
Many people are telecommuting and working remotely.
It’s unlikely that your organizations have not implemented some form of VPN or remote access solution. However if that is the case, consider enabling or integrating VPN access ASAP. You will need it.
As remotely connected devices essentially become nodes on your network after connecting, its best practice to implement the same level of security for remote devices as you would for directly connected end points.
Your VPN solutions should be configured to perform some checks of remote machines before allowing connection. Before connecting, remote devices should have anti-virus software installed. Also, the device’s anti-virus definition file, security updates and patches should be current..
Contacts and Contracts
An up to date record of contacts is a necessity. This record should include:
- Vendor support phone numbers
- Account numbers
- Points of contact
While, contract information and service agreements should be kept together, often when contacting vendors a contract number may be required. It’s a good idea to keep contract numbers that are associated with vendors in your contact record.
Incident Reporting
If you have an incident reporting or ticketing solution in place, go through the open tickets. If the ticketing solution has reporting options, attempt to gather some information. It’s good to know the most common issues and how long tickets have been open.
If you do not have a incident reporting solution, put one in place ASAP. It’s challenging to know what issues your organization is experiencing if end users have no reliable way of communicating concerns. Also, a ticketing system is an excellent way to track, record and document issues as well as resolutions.
ZenDesk is a good choice for incident reporting.
*Danntech Tip – The best way to “solve” problems is to deal with incidents and fix issues before they grow. You can manage incidents. It’s best to eliminate problems.
Applications
Similarly to inventorying your infrastructure, it’s good to know which application and software packages are in use by your organization. The inventory of software and applications should include:
- Application name
- Which department, team or person uses the software
- Number of licenses
- Number of installations
This information may prove quite useful when managing and structuring Active Directory and Group Policy.
If your organization is using Enterprise Resource Planning (ERP) software or an Electronic Medical Records system (EMR) it good to keep a record of accounts for these systems.
The application inventory is also a good time to initiate conversations with your end users. An important question to ask, “Are the applications you’re using working?”
It’s a good idea to schedule reoccurring meetings with departmental managers and executive leadership. This is another major part your compass.
Software Licenses
As you inventory your applications, this is a good time to capture software licenses as well. It’s good to know how many licenses you own or lease vs the number license in use for your software packages. This will help you stay in compliance and out of trouble. You may never be audited. However if you are, you’ll be a step ahead with an up to date license inventory. I strongly suggest utilizing Microsoft’s Volume License Service Center to help keep track of your Microsoft software licenses.