CLAM DOWN
Feb 13, 2007

Tab8715 posted:

For organizations that don't deploy windows updates to desktops immediately after release, how do you keep the latest security threat out?

Some organizations just don't give a poo poo about security man.

Docjowles
Apr 9, 2009

along the way posted:

WSUS is dead easy to implement. Might want to set up a small test group too so you can roll out the updates to them first before approving them for the whole office. Not fun coming into work realizing an overnight update caused every other client PC to not boot/do weird poo poo.

Yes, do this. There was an update to IE ~3 years ago that changed something to do with how it negotiated SSL connections and it broke an app that literally the entire company I worked at relied on daily. That was a fun day.

The takeaway from an incident like that (and every sysadmin probably has one) isn't "don't patch lol". It's to do exactly what Along the way said. Create a test OU that covers a small number of tech savvy users outside of the IT group. People in customer support or development or sales who actually use all of your supported apps and can provide useful feedback if they suddenly break. Don't make your test group consist of just yourself or the IT team; you don't use the apps the same way the real users do. They will catch issues you never would.

Roll updates to the test group. If everything is good for whatever period you deem appropriate, update everyone else. If not, block the update and either wait for it to be reissued or work out a mitigation strategy. And god drat, set up WSUS and stop RDPing into everyone's desktop :420:

Pudgygiant
Apr 8, 2004

Garnet and black? More like gold and blue or whatever the fuck colors these are
IBM did something like that with beta / preview versions of Lotus Notes. You'd apply to be part of the beta program, and if your job title matched something technical like IT Specialist (they have catchall job titles, then job roles are more defined, so it'd be something like IT Specialist / Network Architect) the upgrade would get pushed. It'd be appealing as all hell because the new version would add incredibly basic functionality that every other email client has had for a decade, like the ability to search by sender, or threaded conversations. Then some relatively trivial functionality, but critical from a production perspective, piece of it would break, and you'd put in a bug note to the dev team and ideally get a hotfix back super quick. For instance, threaded conversations with participants in more than two time zones didn't work with 9.0.0. My lead put in a ticket, and a patch was put out within the hour. Pretty great and efficient, outside of edge cases like something critical breaking at night on a holiday, when nobody from the dev team is around to fix it.

Although the only takeaway from using Notes is "never use Notes".

hihifellow
Jun 17, 2005

seriously where the fuck did this genre come from

Tab8715 posted:

For organizations that don't deploy windows updates to desktops immediately after release, how do you keep the latest security threat out?

You still wait 'cause one of the patches in the batch Microsoft rushed out because of Sandworm has a no-boot issue. 99% of the time Windows Updates aren't an issue until they suddenly become a goddam huge one.

WhoNeedsAName
Nov 30, 2013

Tab8715 posted:

For organizations that don't deploy windows updates to desktops immediately after release, how do you keep the latest security threat out?

We deploy to a test machine, let it run for a few days and then deploy to production. To be honest, most SMB environments are too small for the creators of these exploits to bother with. With that said, reducing your external attack surface and training the users can mitigate a lot of malware-based attempts.

psydude
Apr 1, 2008

Heartache is powerful, but democracy is *subtle*.

Tab8715 posted:

For organizations that don't deploy windows updates to desktops immediately after release, how do you keep the latest security threat out?

Depending upon your organization's size and budget, most IDS/IPS manufacturers will usually expedite the release of signatures to detect major exploits soon after they're discovered. Generally, your security analysts will specifically look for those exploits during your testing and evaluation phase for patches. This can be an imperfect solution if the exploit is so simple that it would generate a large number of false positives, but it's usually the best tradeoff between breaking your production environment and leaving everything completely unprotected while testing is under way.

CloFan
Nov 6, 2004

We rely on the user to perform the updates :suicide:

Unfortunately that's the case for Adobe and Java as well, so we end up with lots of Ask Toolbars and McAfee security scans

Lil Miss Clackamas
Jan 25, 2013

ich habe aids

Docjowles posted:

And god drat, set up WSUS and stop RDPing into everyone's desktop :420:

We don't RDP into users' machines, we only patch the servers on patch days. Desktop patching is up to the user, but my users are quite tech-savvy and we've had zero problems decentralizing that part of the process. No Ask toolbars or anything. I like my users.

BaseballPCHiker
Jan 16, 2006

along the way posted:

WSUS is dead easy to implement. Might want to set up a small test group too so you can roll out the updates to them first before approving them for the whole office. Not fun coming into work realizing an overnight update caused every other client PC to not boot/do weird poo poo.

At least once a year Microsoft has to rollback a patch that they sent out that ends up loving something up. Just be like a week behind on your updates and you'll be fine.

I'm about to head to my 5th meeting about getting automatic updates pushed out. 5th! Why does something so simple have to take forever?

Bloodborne
Sep 24, 2008

psydude posted:

Depending upon your organization's size and budget, most IDS/IPS manufacturers will usually expedite the release of signatures to detect major exploits soon after they're discovered. Generally, your security analysts will specifically look for those exploits during your testing and evaluation phase for patches. This can be an imperfect solution if the exploit is so simple that it would generate a large number of false positives, but it's usually the best tradeoff between breaking your production environment and leaving everything completely unprotected while testing is under way.

Yep exactly this. Example: http://emergingthreats.net/daily-ruleset-update-summary-10142014/

I don't know if I'm a fan of ET's rules, but they kick them out quickly and you get to say in response meetings that signatures are in place if the platform vendor hasn't released theirs yet.

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy
I like how I installed Windows 2012 Datacenter and it is running 6 VMs with Hyper-V, and it is telling me right now that it needs to reboot to apply updates, and if I click "later" it will restart in a day.

Who the gently caress do you think you are, server?! You have a lot of responsibilities now, you reboot when I tell you.

Edit: Also is HP's driver download portal down right now, is this the loving twilight zone?

Zero VGS fucked around with this message at 15:18 on Oct 16, 2014

Vulture Culture
Jul 14, 2003

I was never enjoying it. I only eat it for the nutrients.
If you have a decent imaging infrastructure, you don't have to worry about breakages from patching right away because rollback becomes trivial. :eng101:

along the way
Jan 18, 2009

BaseballPCHiker posted:

At least once a year Microsoft has to rollback a patch that they sent out that ends up loving something up. Just be like a week behind on your updates and you'll be fine.

I do the test groups mostly to test for updates that aren't broken from MS's perspective but which might break our in-house or third party apps. Rare occurrence, but it happens. As someone suggested above, I have a group of power users from each department who get the updates first so they can test these issues for me by basically just working as they normally do and report back if there are any major problems with their apps/system potentially caused by an update. After a couple weeks and no issues, I begin approving the updates for the rest of the office.
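
As an added illustration of the staged rollout Docjowles and along the way describe (pilot group first, a soak period, then everyone else), here is an approval pass written for this thread, not code from the posters or from Microsoft. It assumes the WSUS UpdateServices PowerShell module is installed, that the test OU maps to a WSUS target group named "Pilot", that production is the built-in "All Computers" group, and a 14-day soak; those names and the period are placeholders.

```powershell
# Added example (not from the thread): staged WSUS approvals.
# Assumptions: UpdateServices module present; target groups "Pilot" and
# "All Computers" exist in WSUS. Names and soak period are placeholders.
param(
    [string]$PilotGroupName = "Pilot",
    [string]$ProdGroupName  = "All Computers",
    [int]$SoakDays          = 14        # "a couple weeks and no issues"
)

Import-Module UpdateServices
$wsus = Get-WsusServer                  # connects to the local WSUS server

$groups = $wsus.GetComputerTargetGroups()
$pilot  = $groups | Where-Object Name -eq $PilotGroupName
$prod   = $groups | Where-Object Name -eq $ProdGroupName
if (-not $pilot -or -not $prod) { throw "Target group(s) not found in WSUS" }

# Phase 1: auto-approve new Critical and Security updates for the pilot
# group only. Other classifications are left for a human to approve.
foreach ($class in 'Critical', 'Security') {
    Get-WsusUpdate -UpdateServer $wsus -Classification $class `
                   -Approval Unapproved -Status Needed |
        Approve-WsusUpdate -Action Install -TargetGroupName $PilotGroupName
}

# Phase 2: promote updates that have soaked in the pilot group with no
# reported install failures; anything that failed on a pilot machine is
# held back so it can be investigated or blocked instead.
$scope = New-Object Microsoft.UpdateServices.Administration.UpdateScope
$scope.ApprovedStates = [Microsoft.UpdateServices.Administration.ApprovedStates]::LatestRevisionApproved
$scope.ApprovedComputerTargetGroups.Add($pilot) | Out-Null

$install = [Microsoft.UpdateServices.Administration.UpdateApprovalAction]::Install
$cutoff  = (Get-Date).AddDays(-$SoakDays)

foreach ($update in $wsus.GetUpdates($scope)) {
    $approvals = $update.GetUpdateApprovals()
    $pilotApproval = $approvals | Where-Object {
        $_.ComputerTargetGroupId -eq $pilot.Id -and $_.Action -eq $install
    } | Select-Object -First 1
    $alreadyProd = $approvals | Where-Object { $_.ComputerTargetGroupId -eq $prod.Id }
    if (-not $pilotApproval -or $alreadyProd) { continue }
    if ($pilotApproval.CreationDate -gt $cutoff) { continue }   # still soaking

    # Per-group install status as reported back by the pilot clients.
    $summary = $update.GetSummaryPerComputerTargetGroup() |
        Where-Object ComputerTargetGroupId -eq $pilot.Id
    if ($summary.FailedCount -gt 0) {
        Write-Warning "$($update.Title): $($summary.FailedCount) pilot failure(s); holding back"
        continue
    }
    $update.Approve($install, $prod) | Out-Null
    Write-Host "Promoted to $($prod.Name): $($update.Title)"
}
```

Run it on a schedule on the WSUS server; the failure check only sees what pilot clients have reported, so the "apps still work" feedback from the power users remains a manual gate before Phase 2 is allowed to run.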

Zero VGS
Aug 16, 2002
ASK ME ABOUT HOW HUMAN LIVES THAT MADE VIDEO GAME CONTROLLERS ARE WORTH MORE
Lipstick Apathy

Misogynist posted:

If you have a decent imaging infrastructure, you don't have to worry about breakages from patching right away because rollback becomes trivial. :eng101:

And on that note I just bought $3000 worth of Snap Deploy 5 licenses and this thing sucks. True Image has worked perfectly for me every time I've used it yet Snap Deploy from the same company has tossed out 10 different errors with 10 different models of PC. Restoring the same image (which Snap Deploy created) with True Image works fine yet Snap Deploy can't restore them itself. I feel like I'm beta testing their poo poo for them. They even had the gall to send me to India tech support a day after I bought this stuff. They used to just bring an engineer into the call.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to a pair of really nice gaudy shoes?

Zero VGS posted:

I like how I installed Windows 2012 Datacenter and it is running 6 VMs with Hyper-V, and it is telling me right now that it needs to reboot to apply updates, and if I click "later" it will restart in a day.

Who the gently caress do you think you are, server?! You have a lot of responsibilities now, you reboot when I tell you.

Edit: Also is HP's driver download portal down right now, is this the loving twilight zone?

Some defaults are the worst, here's a big pet peeve of mine.

Why would you ever leave this off?

along the way
Jan 18, 2009

Tab8715 posted:

Why would you ever leave this off?

User response: "It takes up too much room."

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

Pudgygiant posted:

IBM did something like that with beta / preview versions of Lotus Notes. You'd apply to be part of the beta program, and if your job title matched something technical like IT Specialist (they have catchall job titles, then job roles are more defined, so it'd be something like IT Specialist / Network Architect) the upgrade would get pushed. It'd be appealing as all hell because the new version would add incredibly basic functionality that every other email client has had for a decade, like the ability to search by sender, or threaded conversations. Then some relatively trivial functionality, but critical from a production perspective, piece of it would break, and you'd put in a bug note to the dev team and ideally get a hotfix back super quick. For instance, threaded conversations with participants in more than two time zones didn't work with 9.0.0. My lead put in a ticket, and a patch was put out within the hour. Pretty great and efficient, outside of edge cases like something critical breaking at night on a holiday, when nobody from the dev team is around to fix it.

Although the only takeaway from using Notes is "never use Notes".

One of the schools my wife teaches at uses Lotus Notes for email. She asked me how she could search. I poked around the interface, I googled, I can't figure out how to search. So yeah, never use Notes. When she first showed it to me I was like wuuuuuuuuuuut :what:

Bloodborne
Sep 24, 2008

Tab8715 posted:

Why would you ever leave this off?

Is this a real question? Because I like and want the choice to display or hide what I like.

Japanese Dating Sim
Nov 12, 2003

hehe
Lipstick Apathy
Thank you, iTunes, for causing a Code 19 on this laptop's DVD drive. :argh:

Took all of 10 seconds to Google after reinstalling the drivers didn't fix it. But seriously, why are you so bad iTunes.

bobmarleysghost
Mar 7, 2006

Tab8715 posted:

Some defaults are the worst, here's a big pet peeve of mine.

Why would you ever leave this off?

Because I have a shitload of poo poo running

Pudgygiant
Apr 8, 2004

Garnet and black? More like gold and blue or whatever the fuck colors these are

FISHMANPET posted:

One of the schools my wife teaches at uses Lotus Notes for email. She asked me how she could search. I poked around the interface, I googled, I can't figure out how to search. So yeah, never use Notes. When she first showed it to me I was like wuuuuuuuuuuut :what:

Everything before 9.x has a really loving hidden magnifying glass button in one of the left pane menus. 9.x has a search bar at the top, so that's an improvement. Unfortunately the search backend is still a Mexican kid reading through all your emails, so a search of a mailbox with 3 emails takes an hour and locks up your entire system. Also as of when I left earlier this year you could only search plain text, not anything fancy like "sender: " or "date: ".

SyNack Sassimov
May 4, 2006

Let the robot win.
            --Captain James T. Vader

Santa is strapped posted:

Because I have a shitload of poo poo running

Looks like you need a bigger monitor then.

(That's not a joke, if you can't fit all the poo poo you're running in your systray you need a bigger monitor. I'm totally with Tab on this one, should be a default to show all icons).

along the way
Jan 18, 2009
I force the notification tray to show via GPO so I can see immediately if there is any WeatherBug etc. bullshit going on if I have to troubleshoot a workstation.

FISHMANPET
Mar 3, 2007

Sweet 'N Sour
Can't
Melt
Steel Beams

Pudgygiant posted:

Everything before 9.x has a really loving hidden magnifying glass button in one of the left pane menus. 9.x has a search bar at the top, so that's an improvement. Unfortunately the search backend is still a Mexican kid reading through all your emails, so a search of a mailbox with 3 emails takes an hour and locks up your entire system. Also as of when I left earlier this year you could only search plain text, not anything fancy like "sender: " or "date: ".

Also she uses the web interface exclusively.

CLAM DOWN
Feb 13, 2007

Potato Alley posted:

Looks like you need a bigger monitor then.

(That's not a joke, if you can't fit all the poo poo you're running in your systray you need a bigger monitor. I'm totally with Tab on this one, should be a default to show all icons).

That's dumb, I hide a lot of stuff in my system tray, why on earth do I always need to see the Outlook "O" icon while I have Outlook open on one screen 24/7. It makes total sense to hide some icons.

Gucci Loafers
May 20, 2006

Ask yourself, do you really want to talk to a pair of really nice gaudy shoes?

Santa is strapped posted:

Because I have a shitload of poo poo running

Make it double-wide?

I want to know what's running on my workstation or what isn't running. It's not like display real estate is at a high cost with HD monitors.

Bob Morales
Aug 18, 2006

Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

CLAM DOWN posted:

That's dumb, I hide a lot of stuff in my system tray, why on earth do I always need to see the Outlook "O" icon while I have Outlook open on one screen 24/7. It makes total sense to hide some icons.

Why the gently caress does every app need an icon? :argh:

DrAlexanderTobacco
Jun 11, 2012

Help me find my true dharma

Tab8715 posted:

Make it double-wide?

I want to know what's running on my workstation or what isn't running. It's not like display real estate is at a high cost with HD monitors.

Then tick the button.

Phil Tenderpuss
Jun 11, 2012
I wanted to say thanks for the career advice you guys gave me a little while ago about taking the job with the Indian staffing company that seemed shady. I declined their offer. Turns out that a much better position which I had applied for that I thought was a long shot has offered me a contract! I'll be working on a project for the government that I think will really further my career. I just accepted the offer today.

I'm new to not only contracting, but government jobs as well so I'm excited but a bit nervous. I need to get my Security+ certification and pass a secret clearance investigation before I can log into a government server and really start work. Good news is that until then I'll still be billable and will just be working in an advisory role to the rest of the team.

Does anybody have any advice on studying for and passing the Security+? I don't have any other certs so I'm a complete newbie there, too. Also, can anyone tell me what to expect from a secret clearance investigation and give me any advice on the process?

Che Delilas
Nov 23, 2009
FREE TIBET WEED

Bob Morales posted:

Why the gently caress does every app need an icon? :argh:

Gotta have something to associate with those loving balloon announcements that never matter ever.

Fiendish Dr. Wu
Nov 11, 2010

You done fucked up now!

Phil Tenderpuss posted:

I wanted to say thanks for the career advice you guys gave me a little while ago about taking the job with the Indian staffing company that seemed shady. I declined their offer. Turns out that a much better position which I had applied for that I thought was a long shot has offered me a contract! I'll be working on a project for the government that I think will really further my career. I just accepted the offer today.

I'm new to not only contracting, but government jobs as well so I'm excited but a bit nervous. I need to get my Security+ certification and pass a secret clearance investigation before I can log into a government server and really start work. Good news is that until then I'll still be billable and will just be working in an advisory role to the rest of the team.

Does anybody have any advice on studying for and passing the Security+? I don't have any other certs so I'm a complete newbie there, too. Also, can anyone tell me what to expect from a secret clearance investigation and give me any advice on the process?

Congrats! Sounds awesome. You should have np with the clearance, it just takes a while. They care more about credit history than they do actual criminal offenses, and there isn't a very high bar set either.

As for Sec+: http://blogs.getcertifiedgetahead.com/security-blog-links/ this and only this.

Potato Alley posted:

Looks like you need a bigger monitor then.

(That's not a joke, if you can't fit all the poo poo you're running in your systray you need a bigger monitor. I'm totally with Tab on this one, should be a default to show all icons).

I have 2 24" monitors and still hide my notifications because I don't give a poo poo.

But I do have taskbar buttons set to "never combine"

Fiendish Dr. Wu fucked around with this message at 20:26 on Oct 16, 2014

Yeast Confection
Oct 7, 2005
Can anyone recommend any decent security blogs? I'm not well-informed on that side of the industry because it's outside of my purview, but I would like to stay informed.

CloFan
Nov 6, 2004

Ashley Madison posted:

Can anyone recommend any decent security blogs? I'm not well-informed on that side of the industry because it's outside of my purview, but I would like to stay informed.

Krebsonsecurity.com if you aren't already visiting it. He's the guy who broke the Target breach story late last year, and a few other big stories besides.

THF13
Sep 26, 2007

Keep an adversary in the dark about what you're capable of, and he has to assume the worst.

Ashley Madison posted:

Can anyone recommend any decent security blogs? I'm not well-informed on that side of the industry because it's outside of my purview, but I would like to stay informed.

It's not a blog but I really like the Security Now podcast to stay up to date.

Bob Morales
Aug 18, 2006

Just wear the fucking mask, Bob

I don't care how many people I probably infected with COVID-19 while refusing to wear a mask, my comfort is far more important than the health and safety of everyone around me!

Ashley Madison posted:

Can anyone recommend any decent security blogs? I'm not well-informed on that side of the industry because it's outside of my purview, but I would like to stay informed.

Security like what?

Bloodborne
Sep 24, 2008

Ashley Madison posted:

Can anyone recommend any decent security blogs? I'm not well-informed on that side of the industry because it's outside of my purview, but I would like to stay informed.

A few and in no order:

http://www.darknet.org.uk/

http://www.wired.com/category/threatlevel/

http://krebsonsecurity.com/

http://nakedsecurity.sophos.com/

http://threatpost.com/

http://blogs.technet.com/b/security/

http://www.fireeye.com/blog/

http://blog.sucuri.net/

Bloodborne fucked around with this message at 20:56 on Oct 16, 2014

Phil Tenderpuss
Jun 11, 2012

Fiendish Dr. Wu posted:

Congrats! Sounds awesome. You should have np with the clearance, it just takes a while. They care more about credit history than they do actual criminal offenses, and there isn't a very high bar set either.

As for Sec+: http://blogs.getcertifiedgetahead.com/security-blog-links/ this and only this.

Awesome thanks! I'll get that book and start studying. Good to hear that the clearance investigation isn't as strenuous as I thought it might be. I've got exceptional credit so that won't be a problem. Do you know how much talking to my former employers will factor into their decision? I was fired from my last job due to some personal problems I was having at the time (they still said they'd give me a recommendation so not on bad terms) and at the job I had before that the boss hates me since I kinda screwed him over. If they talked to my last employer I'm not sure what they'd say but if they talked to that guy, he'd definitely try to gently caress me over.

Dr. Arbitrary
Mar 15, 2006

Bleak Gremlin
From my understanding of the security clearance process, there's only one real question: Are you susceptible to blackmail or bribery?

Having a manageable amount of debt isn't a big deal, but if you reach a point where they think you'll be under enough stress to do something dumb to get money, that's a risk.
Being gay isn't a big deal, being secretly gay might be a problem if they think you'd do something dumb to keep it secret.

DrAlexanderTobacco
Jun 11, 2012

Help me find my true dharma
Money/lack thereof is viewed as most important because historically, that's what informants/spies fall for. If you have a weakness it's important to demonstrate how you're actively working to resolve that weakness.

Here's a list of judgements from 2012. Industrial, but other categories are listed on the site as well.

http://www.dod.mil/dodgc/doha/industrial/2012.html

adorai
Nov 2, 2002

10/27/04 Never forget
Grimey Drawer

Misogynist posted:

If you have a decent imaging infrastructure, you don't have to worry about breakages from patching right away because rollback becomes trivial. :eng101:

hahahahahaha

try reimaging hundreds of PCs over <10mbps WAN links. Hell, some of my branch locations still only have 1x or 2x MPLS T1s.

We auto approve critical and security updates, and manually approve anything else. We have yet to have a serious issue.
