Not a good week for all of you sysadmins out there. Not only has Microsoft announced a raft (well 5) of critical patches and numerous less serious ones, but Cisco Systems is in the process of reviewing its entire product set and lo and behold has identified flaws in the SSL code of pretty much all of them.
A significant number of these issues relate to the FREAK vulnerability, which we were muttering about last week. If you didn’t check out the recommended geeky detail, and have (or would like) a beard, here it is: https://www.smacktls.com/
The Microsoft bulletin is here.
The (scary) Cisco one here.
The sheer volume of patches, especially against old code libraries is becoming a massive headache all round and we think the industry is not only tarnishing its reputation, but there is a massive danger of ‘crying wolf’ syndrome developing, certainly in smaller companies with fewer sysadmins and a 24/7, five nines service requirement, like some cloud providers we could mention…
Of course we recommend you all to patch your systems in line with the vendors advice, and always will. However, we do advise that you apply some logic to your patch schedule and prioritise those patches that are more serious to your business (obvs).
We recommend that you understand your assets not just in terms of where they are and what they do, but also the value that they bring, and what they protect. We further recommend that you continuously monitor your most critical assets for vulnerabilities both from the inside and the outside (the nasty Interwebs) of your network.
Armed with your asset model and vulnerability data you can then make pragmatic decisions about what to patch and when, and more importantly, what to be worried about. But we have told you all this before, we even made a video about our five steps to security featuring our very own Wizard Chromas and his dragon sidekick Netsie: https://www.youtube.com/watch?v=1MMI0VKKn-g
If you would like to talk to us about our five steps to security, our NetSure360° managed security service which is built on them or the processes, procedures and technology that we recommend to make your lives easier, please contact us on: 020 7517 3900 or email: [email protected]
Happy patching.
