I thought today I would try to tackle a few misconceptions around internet security and patching that I see doing the rounds every now and again.
As someone who checks for updates on my own Windows machine once a week or so, I often find the complete disdain that users can have for updates a bit befuddling.
The internet has at least the potential to be a very nasty place and has some real nasty folk out there who want nothing more than to get into your stuff.
Patching is More Important Than You May Think
Some people, when I talk to them about security, seem to have a strange approach, and while I can’t quite put my finger on it exactly, my feeling is that they think like this: “What is the likelihood, if my machine is not patched for a month, that someone is going to stumble across it in the vast sea of devices just when it becomes vulnerable?” Ahhh! If only life was that simple and the internet was that innocent. Well, if that was your question, in so far as it is one, I’m glad you asked.
Let me introduce you to Shodan. Every time I hear the name, for some reason, it reminds me of Richard Chamberlain and his 1970s TV series, Shogun. Alas, the two are unrelated and I have aged myself. Ah well. Shodan is a great example, though not the only one, of what is possible. It is a constantly updated database of internet-connected devices. So, if I wanted to know how many Citrix servers were out there on the internet, I need only query the database. It reaches out like a snake flicking its tongue and senses what’s there. This database lifts more than just the type of server; it also lifts many other useful pieces of information. So, for example, one might be able to ask how many Windows 2012 servers there are that are running remote desktop services. It may not be an exact science but it’s a good approximation.
Patching = Protection
If you get the possibilities of this you will understand how important patching is. Basically, the internet knows all about your servers, where they are, and what they are running, so when a vulnerability is discovered the hackers don’t have to find your server – they know where it is and can just start targeting it. Getting your patching done as quickly as possible is a great idea in general, and that goes doubly if the machine is internet-facing.
Every now and again people have issues with patches. I’ll be honest, it still amazes me that patches are as good as they are. Anyone who has spent any time writing software knows how hard it is to merge changes into production software. I tip my hat to them; I have had issues with patches too. I spend more time than the average at the bleeding edge and there are more issues there than anywhere else but I still get my patches as soon as I can. I’m hoping this article will give you a greater appreciation for patches, the urgency around installing them and an acceptance that, while they can cause a few issues, you are far better dealing with the issues around patching than with issues that involve losing your data. If only getting your data back in a ransomware attack was as easy as uninstalling a patch…