Bryan, over at BlendMart, had this to say in response to one of our discussions about patching and firewalls and whatnot:
“On a side note… to the folks commenting at Life of a one-man IT department, just because all your ports are closed and you don’t have Internet facing servers on your network is no excuse to delay patching your machines. All it takes is one laptop user, one home dialup user, one VPN user to infect and disable your entire network.”
He left a similar comment on the post below, and I responded back, but I wanted to elaborate further. You see, of course, Bryan is right. You should install this patch in addition to having a correctly configured firewall. As I said, it’s never a bad idea. Of course, as a one-man shop I can tell you that there are simply times where you miss a patch, because you’re out of the office, or you just have too many other priorities to get to before you patch. This is why having a firewall and having all of your unnecessary ports closed is vital to any home or workplace user.
Now, in as small an office as ours, I can personally monitor and lock down everything on our network. We don’t have any internet servers, we don’t allow dialup or VPN, and our laptops are in a locked configuration to only access the internet through our network. The second any of that changes, so does the risk, and therefore so does the way I handle patches. Every network is different and you may not handle things the same way that I do. That’s as it should be. If your network got Blasted because you didn’t patch and someone snuck in an infected laptop, or used VPN from an infected machine, shame on ya’, but there may be circumstances that caused it to happen. (Although you still had a month, so they’d have to be some pretty outrageous circumstances!) On the other hand, if you got infected without Blaster even having to find a secondary way in, because you didn’t patch OR run a proper firewall, double shame on ya’!
Ultimately, that was my point. Running a firewall and blocking ports doesn’t guarantee a secure network; there are a ton of steps beyond that. But if you’re not even doing that while you’re connected to the internet, you’re just asking for trouble.