EH-Net

So last time I posted I had started a new consulting gig.  Well the honeymoon ended and I realized it was going to be a dead end.  Spent more time worrying about billable hours than actually concentrating on work and study topics.  Luckily a job posting came up from a recruiter friend of mine.  The job was for a Network Security Admin.  After reviewing the position I thought to myself, wow I actually have most of these skills for a change.  And figured what the hell! 

So the recruiter helped me get my resume much more beefy looking so it actually reflected my abilities better.  Next thing I know they bring me in for the first interview.  Cool part was they accommodated my work schedule so I didn't need to take any time off.  Infrastructure manager liked me and I got the call for a second right away.  Again they accommodated my schedule.  The recruiter was also feeling very positive about it.  After another week or 2 I get the offer.  As a bonus it was more than I was asking for.  I didn't want to be too greedy with my first official Info Sec job. 

So here I am 2 weeks into the job, well 3 but again they accommodated me by allowing me to take time off for a pre-scheduled wedding trip for a good friend of mine.  My current duties, for now, revolve around Patch Management and Anti-virus management.  Might seem like a glorified Sys Admin but for one very little if any desktop work, and two, lots of room to grow the duty list.  The team is cool as well and all pretty knowledgeable. 

After talking with a friend of mine, he told me I was heading into Information Assurance.  That led me to GIAC and GCWN.  So my current path will be to obtain GCWN.  New boss said he will approve SANS SEC505 for next year's budget.  Its nice having a boss that says "go pick a training course."  So for now its back on my MCITP track, then GCWN.  After that I may go back to CCNA.  Eventually I would like to pick up the CISSP.  They seem to be very supportive for education so why not take advantage? 

I would welcome any advice from anyone in this area of expertise.  I think my biggest hurdle will be getting a good patch management policy and procedure in place.  We have a virtual lab for testing, but I don't think they use it very often. 

Sorry about the length of this :D

Well, congrats to you, Triban, for getting into a position you'll hopefully enjoy.  Sometimes, these things come out of nowhere, but they're sure worth it, when they do.

Good luck!

Thanks man!  Looking forward to the adventure.

Congrats on the position and best of luck. 

Based on the alphabet soup of MS certs you named, I'm guessing you are working in a predominately (if not all) Windows environment.  Windows Server Update Services (WSUS) is an awesome server snap in for permitting and monitoring MS Update.  Check this link for more details (but I will give a basic breakdown): http://technet.microsoft.com/en-us/wsus/default.aspx

Install WSUS on a server (I find an LDAP or AV server to work pretty well).  You then write some group policies that control when MS Updates are installed and that they get the approval from the WSUS update server (LDAP is awesome for this if you have it).  Login to the WSUS server and approve updates, and the workstations can download and install the updates at the specified time.  You can also assign groups if you are worried about certain updates breaking peoples computers.  You can monitor which workstations have installed the updates via WSUS as well. 

Thanks Mallaigh.  I've worked with WSUS for a bit.  Found it to be useful half the time :D  Mostly found that if there was an update to the updater, it would cause problems.  So one of the solutions we are implementing is a method to force updates using a management appliance. 

Unfortunately the previous admins have left the AD in shambles, so I recommended we straighten that out before we worry about why some machines don't always update.  My idea is, can't patch it if we don't know if it really exists.

I am looking forward to our new patch management appliance.  I'm hoping it works a bit faster at discovery than a GFI scan/assessment.

Congrats

You're welcome Triban.  Sometimes I wish I had AD for my network, other times I'm glad I don't (I run a mixed environment).  Yeah, WSUS isn't perfect but it certainly helps, although I haven't had the chance to fully roll it out due to other projects (rolling out the group polices for WSUS is certainly something I wish I had AD for).

honestly, WSUS isn't much to roll-out.  Install on server then you just configure the options for what software to download (Office, Windows, and other Microsoft Apps).  Then configure synchronization times, set your default listening ports.  It usually uses 443 and/or 80.  Unless it is on SBS.  After that you control the clients via GPO.  And even then it only tells them what to do.  They look at WSUS and either download, download and install or schedule install.  All controlled through GPO.  WSUS just gathers the updates so you don't have all your Windows machines trying to update at once.  You can configure auto-approve rules for critical and security and even designate what groups of computers you want.  But if the client systems are not updated with their Automatic Update engine, they will not communicate properly.  Luckily Microsoft has a few diagnostic tools to assist in troubleshooting.

Once it is in and running, it is pretty cut and dry.  But right now organization is key.  They have little documentation and what they do have it needs severe updating.  So first things first, straighten everything out!  you can't protect it if you don't know it exists.