.

Wonderful update

<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Sun Oct 24, 2010 9:54 am

Wonderful update

So last time I posted I had started a new consulting gig.  Well the honeymoon ended and I realized it was going to be a dead end.  Spent more time worrying about billable hours than actually concentrating on work and study topics.  Luckily a job posting came up from a recruiter friend of mine.  The job was for a Network Security Admin.  After reviewing the position I thought to myself, wow I actually have most of these skills for a change.  And figured what the hell! 

So the recruiter helped me get my resume much more beefy looking so it actually reflected my abilities better.  Next thing I know they bring me in for the first interview.  Cool part was they accommodated my work schedule so I didn't need to take any time off.  Infrastructure manager liked me and I got the call for a second right away.  Again they accommodated my schedule.  The recruiter was also feeling very positive about it.  After another week or 2 I get the offer.  As a bonus it was more than I was asking for.  I didn't want to be too greedy with my first official Info Sec job. 

So here I am 2 weeks into the job, well 3 but again they accommodated me by allowing me to take time off for a pre-scheduled wedding trip for a good friend of mine.  My current duties, for now, revolve around Patch Management and Anti-virus management.  Might seem like a glorified Sys Admin but for one very little if any desktop work, and two, lots of room to grow the duty list.  The team is cool as well and all pretty knowledgeable. 

After talking with a friend of mine, he told me I was heading into Information Assurance.  That led me to GIAC and GCWN.  So my current path will be to obtain GCWN.  New boss said he will approve SANS SEC505 for next year's budget.  Its nice having a boss that says "go pick a training course."  So for now its back on my MCITP track, then GCWN.  After that I may go back to CCNA.  Eventually I would like to pick up the CISSP.  They seem to be very supportive for education so why not take advantage? 

I would welcome any advice from anyone in this area of expertise.  I think my biggest hurdle will be getting a good patch management policy and procedure in place.  We have a virtual lab for testing, but I don't think they use it very often. 

Sorry about the length of this :D
Certs: GCWN
(@)Dewser
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1661

Joined: Mon Jan 29, 2007 2:59 pm

Post Sun Oct 24, 2010 4:39 pm

Re: Wonderful update

Well, congrats to you, Triban, for getting into a position you'll hopefully enjoy.  Sometimes, these things come out of nowhere, but they're sure worth it, when they do.

Good luck!
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Oct 25, 2010 9:23 am

Re: Wonderful update

Thanks man!  Looking forward to the adventure.
Certs: GCWN
(@)Dewser
<<

mallaigh

User avatar

Jr. Member
Jr. Member

Posts: 65

Joined: Fri Jul 16, 2010 12:36 am

Post Mon Oct 25, 2010 12:12 pm

Re: Wonderful update

Congrats on the position and best of luck. 

Based on the alphabet soup of MS certs you named, I'm guessing you are working in a predominately (if not all) Windows environment.  Windows Server Update Services (WSUS) is an awesome server snap in for permitting and monitoring MS Update.  Check this link for more details (but I will give a basic breakdown): http://technet.microsoft.com/en-us/wsus/default.aspx

Install WSUS on a server (I find an LDAP or AV server to work pretty well).  You then write some group policies that control when MS Updates are installed and that they get the approval from the WSUS update server (LDAP is awesome for this if you have it).  Login to the WSUS server and approve updates, and the workstations can download and install the updates at the specified time.  You can also assign groups if you are worried about certain updates breaking peoples computers.  You can monitor which workstations have installed the updates via WSUS as well. 
Last edited by mallaigh on Mon Oct 25, 2010 12:14 pm, edited 1 time in total.
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Mon Oct 25, 2010 9:31 pm

Re: Wonderful update

Thanks Mallaigh.  I've worked with WSUS for a bit.  Found it to be useful half the time :D  Mostly found that if there was an update to the updater, it would cause problems.  So one of the solutions we are implementing is a method to force updates using a management appliance. 

Unfortunately the previous admins have left the AD in shambles, so I recommended we straighten that out before we worry about why some machines don't always update.  My idea is, can't patch it if we don't know if it really exists.

I am looking forward to our new patch management appliance.  I'm hoping it works a bit faster at discovery than a GFI scan/assessment.
Certs: GCWN
(@)Dewser
<<

impelse

Hero Member
Hero Member

Posts: 585

Joined: Mon Feb 16, 2009 3:40 pm

Post Mon Oct 25, 2010 10:56 pm

Re: Wonderful update

Congrats
CCNA, Security+, 70-290, 70-291
CCNA Security
Taking Hackingdojo training

Website: http://blog.thehost1.com/
<<

mallaigh

User avatar

Jr. Member
Jr. Member

Posts: 65

Joined: Fri Jul 16, 2010 12:36 am

Post Tue Oct 26, 2010 1:25 pm

Re: Wonderful update

Triban wrote:Thanks Mallaigh.  I've worked with WSUS for a bit.  Found it to be useful half the time :D  Mostly found that if there was an update to the updater, it would cause problems.  So one of the solutions we are implementing is a method to force updates using a management appliance. 

Unfortunately the previous admins have left the AD in shambles, so I recommended we straighten that out before we worry about why some machines don't always update.  My idea is, can't patch it if we don't know if it really exists.

I am looking forward to our new patch management appliance.  I'm hoping it works a bit faster at discovery than a GFI scan/assessment.


You're welcome Triban.  Sometimes I wish I had AD for my network, other times I'm glad I don't (I run a mixed environment).  Yeah, WSUS isn't perfect but it certainly helps, although I haven't had the chance to fully roll it out due to other projects (rolling out the group polices for WSUS is certainly something I wish I had AD for).
<<

Triban

User avatar

Hero Member
Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Tue Oct 26, 2010 7:27 pm

Re: Wonderful update

honestly, WSUS isn't much to roll-out.  Install on server then you just configure the options for what software to download (Office, Windows, and other Microsoft Apps).  Then configure synchronization times, set your default listening ports.  It usually uses 443 and/or 80.  Unless it is on SBS.  After that you control the clients via GPO.  And even then it only tells them what to do.  They look at WSUS and either download, download and install or schedule install.  All controlled through GPO.  WSUS just gathers the updates so you don't have all your Windows machines trying to update at once.  You can configure auto-approve rules for critical and security and even designate what groups of computers you want.  But if the client systems are not updated with their Automatic Update engine, they will not communicate properly.  Luckily Microsoft has a few diagnostic tools to assist in troubleshooting.

Once it is in and running, it is pretty cut and dry.  But right now organization is key.  They have little documentation and what they do have it needs severe updating.  So first things first, straighten everything out!  you can't protect it if you don't know it exists.
Certs: GCWN
(@)Dewser

Return to News Items and General Discussion About EH-Net

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software