How do we do section 9 projects, keep systems running, and record a weekly podcast while having full time jobs? We need the right combination of tools and process.

Time to talk about the new job. Can’t say much yet. I start this coming Tuesday. I can say that what they offered was too good to believe. They want to do the things we talk about on the show. Proper planning, management, documentation. They even talked about work life balance. Who in today’s world talks about work life balance?

Time to start securing systems and software. To do that, we’re using the CIS benchmarks. These are configuration guides for things like Windows 10 and BIND 9. The two things we’re focusing on. We have to start somewhere.

Are we going in the right direction? Are we doing the things we said we would? Time for a quick review. Overall, we’re doing pretty good. There are a few things we need to work on. That’s okay. Now’s the time to figure that out. We still have a long way to go.

We found a couple of vulnerabilities during our weekly patch review. According to Automox, we needed to update Google Chrome and Microsoft’s .NET framework. This lead to a discussion about patching early. Don’t panic. Make a plan before you do anything. Patching early could break something.

CORRECTION

1. Google Chrome versions prior to 76.0.3809.132 are vulnerable

We’ve got a Synaccess network connected power strip. Devices like this aren’t built with security in mind. Is this device a security issue? Should we be concerned? Could a hacker access this device?

We have business & tech issues to deal with. On the business side, we have some basics to take care of. It’s part of doing business. On the tech side, we’ve decided to focus on Risk Assessments. We’re conducting two kinds. A quick critical controls assessment, and a business impact assessment.

It’s official! We can say we’ve double checked our patch process. It’s quick and easy. We still have to double check our 3rd party apps. We’re hoping to start that process before the end of the month.

Remember, patching is one of the most important things you can do for your overall security. When wast the last time you double checked your patch process?

I finally downloaded, installed and tested Nessus Essentials. It worked out better than I expected. While it does have some limitations, it found Vulnerabilities on our servers. It’s another tool for the tool box. This version is free.

What I thought were Automox issues turned out to be our issues. We go over the good and the bad. We’re a few steps closer to a good patch management process.