Pub. 6 2017 Issue 2

Summer 2017

the vulnerability in these Windows systems on March 14, 2017. This means the administrators of these systems missed two full patching cycles and, as a result, suffered significant downtime and losses when WannaCry began its rampage two months later.

Hardware inventories are a must. Once you are committed to patching on a very regular basis, you need to be aware of WHAT you are patching. Audits typically ask you to provide an inventory of software and systems. How often do you update this list on the fly before submitting it instead of reviewing it on a routine basis as part of your standard process? An updated and accurate inventory of both software and hardware will simplify patching procedures. Additionally, as administrators or temporary stand-ins need to quickly ascertain the physical location of any infected hardware, this inventory needs to include all devices connected to your network. This goes beyond workstations and servers to printers, coffee pots, smart thermostats, etc. Everything with an Ethernet port or Wi-Fi card that connects to your network needs to be documented for patching procedures to be most effective.

Network segmentation keeps your ship afloat. Even though you may maintain a list of devices that are patched on a regular basis, the next big malware event could use a zero-day vulnerability that software vendors have not patched, much less been aware of. You may have done everything right up to now, but persistent malware authors have the upper hand and you are always at risk of infection. Network segmentation is your primary source for damage control in this situation. By logically separating your network, you create bulkheads in SS local.domain that keep critical systems such as servers isolated from workstations and printers. Some services may need to be whitelisted for vendor software to work, but it is far more effective to whitelist exceptions rather than maintain a blacklist of banned services.
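The difference between the two policies described above, as an added example that is not part of the original article: the same observed flows are checked against a whitelist of exceptions (default deny) and a blacklist of banned services (default allow). Segment names, ports and flows are constructed assumptions.

```python
from typing import NamedTuple

class Flow(NamedTuple):
    src: str   # source segment
    dst: str   # destination segment
    port: int  # destination TCP port

# Whitelist of exceptions: each permitted cross-segment service is listed,
# anything not listed is dropped (default deny). Entries are constructed.
WHITELIST = {
    ("workstations", "servers", 443),    # internal web applications
    ("workstations", "printers", 9100),  # raw printing
    ("servers", "vendor-dmz", 8443),     # hypothetical vendor software exception
}

# Blacklist of banned services: only what someone already knew to ban is dropped.
BLACKLIST = {
    ("workstations", "servers", 23),     # telnet
    ("workstations", "servers", 445),    # SMB file sharing
}

def whitelist_permits(flow: Flow) -> bool:
    # Traffic that stays inside one segment never crosses a bulkhead.
    return flow.src == flow.dst or tuple(flow) in WHITELIST

def blacklist_permits(flow: Flow) -> bool:
    return flow.src == flow.dst or tuple(flow) not in BLACKLIST

def exposure(flows):
    """Flows a blacklist lets through that a whitelist of exceptions drops."""
    return [f for f in flows if blacklist_permits(f) and not whitelist_permits(f)]

# Constructed sample of observed flows.
SAMPLE = [
    Flow("workstations", "servers", 443),       # listed exception
    Flow("workstations", "servers", 23),        # banned by both policies
    Flow("workstations", "servers", 3389),      # service nobody thought to ban
    Flow("printers", "servers", 445),           # banned only for workstations
    Flow("iot", "workstations", 8080),          # undocumented device segment
    Flow("workstations", "workstations", 445),  # intra-segment: neither policy sees it
]

if __name__ == "__main__":
    for f in exposure(SAMPLE):
        print(f"blacklist passes, whitelist drops: {f.src} -> {f.dst} tcp/{f.port}")
```

The last sample flow never crosses a segment boundary, so neither policy applies to it: segmentation limits spread between segments, not within one.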
Equally important is segregation of all the new Internet-of-Things (IoT) devices. Many smart thermostats, coffee pots, and the like contain the same vulnerabilities that affect our business systems, but will not receive timely security patches – if they receive any at all.

Security affects our daily lives. WannaCry had very clear and profound real-world ramifications. It shut down the National Health Services for almost a full day. During this time, patient care slowed and prescriptions were not filled. We are fortunate that WannaCry affected few financial systems, but we must remain vigilant moving forward.

Preston Curry is a security and compliance consultant for CoNetrix. CoNetrix is a provider of information technology consulting, IT/GLBA audits and security testing, Aspire IT hosting, and the developer of tandem, a security and compliance software suite. Visit CoNetrix at www.conetrix.com.
