Response

Bryan, over at BlendMart, had this to say in response to one of our discussions about patching and firewalls and whatnot:

“On a side note… to the folks commenting at Life of a one-man IT department, just because all your ports are closed and you don’t have Internet facing servers on your network is no excuse to delay patching your machines. All it takes is one laptop user, one home dialup user, one VPN user to infect and disable your entire network.”

He left a similar comment on the post below, and I responded back, but I wanted to elaborate further. You see, of course, Bryan is right. You should install this patch in addition to having a correctly configured firewall. As I said, it’s never a bad idea. Of course, as a one-man shop I can tell you that there are simply times where you miss a patch, because you’re out of the office, or you just have too many other priorities to get to before you patch. This is why having a firewall and having all of your unnecessary ports closed is vital to any home or workplace user.

Now, in as small an office as ours, I can personally monitor and lock down everything on our network. We don’t have any internet servers, we don’t allow dialup or VPN, and our laptops are in a locked configuration to only access the internet through our network. The second any of that changes, so does the risk, and therefore so does the way I handle patches. Every network is different and you may not handle things the same way that I do. That’s as it should be. If your network got Blasted because you didn’t patch and someone snuck in an infected laptop, or used VPN from an infected machine, shame on ya’, but there may be circumstances that caused it to happen. (Although you still had a month, so they’d have to be some pretty outrageous circumstances!) On the other hand, if you got infected without Blaster even having to find a secondary way in, because you didn’t patch OR run a proper firewall, double shame on ya’!

Ultimately, that was my point. Running a firewall and blocking ports doesn’t guarantee a secure network; there are a ton of steps beyond that. But if you’re not even doing that while you’re connected to the internet, you’re just asking for trouble.
