The Challenge of Edge Security

  • Comments posted to this topic are about the item The Challenge of Edge Security

  • To add to your patching notes, it also falls under how much planned downtime you can get.  I have some systems that require maximum uptime and downtime on them is highly disruptive to the company.  So scheduling some downtime may take weeks or months just to get all of the approvals to do maintenance on a system and to have it work around my schedule too.

    Most of the systems I manage are thankfully internal-only so little to no risk of a breach unless someone gets into our VPN.  And that could happen, but it is not likely.

    And then there are the systems that REQUIRE specific versions of additional tools.  We had a warehousing tool that required Java 6 when Java 8 was the latest and greatest.  Updating Java resulted in the app failing to start.  We also have tools that bundle other tools with them and updating MUST be done by the parent tool to reduce the chance of errors - main tool relies on nginx and Apache Tomcat and a specific version of Java as an example.  So even though Tomcat may have an update, I can't apply it until the main tool approves that version of Tomcat for production use.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there are negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.

  • And then there are the systems that REQUIRE specific versions of additional tools.  We had a warehousing tool that required Java 6 when Java 8 was the latest and greatest.  Updating Java resulted in the app failing to start.  We also have tools that bundle other tools with them and updating MUST be done by the parent tool to reduce the chance of errors - main tool relies on nginx and Apache Tomcat and a specific version of Java as an example.  So even though Tomcat may have an update, I can't apply it until the main tool approves that version of Tomcat for production use.

     

    My favorite was at the last company I worked at, some of the functionality they were using in their CRM required a specific version of ActiveX.  Which was only available in a specific version of IE on Windows XP and the only way to fix that would have been to upgrade the entire CRM platform to a newer version which would have been a massive deal.  So the entire company was effectively stuck on Windows XP.

     

    Fortunately they went under before that really came to a head.

  • We still have Windows XP computers that are "critical" to the company due to similar things.  In-house built software that is used for a product we are working to EOL that needs XP to run.  No time/budget to work on software for an EOL product, but that product has been talked about being EOL forever it seems.

    Another fun thing that happens with software updates is when you fall too many versions behind and now you need to struggle and test the upgrade path from unsupported version A to supported version D by going through versions B and C which are also unsupported.  Or if you have used GitLab before, their upgrade path can be a challenge as it isn't just as simple as upgrading from version 8.x.x to 9.x.x to 10.x.x, you have to upgrade from 8.<latest>.<latest> to 9.0.0 then to 9.<latest>.<latest> then to 10.0.0 then to 10.<latest>.<latest> in MOST cases.

    The above is all just my opinion on what you should do. 
    As with all advice you find on a random internet forum - you shouldn't blindly follow it.  Always test on a test server to see if there are negative side effects before making changes to live!
    I recommend you NEVER run "random code" you found online on any system you care about UNLESS you understand and can verify the code OR you don't care if the code trashes your system.
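
A small planner for the stepwise upgrade rule described in the post above, added here as an example and not part of any post or of GitLab's own tooling. The release list and the supported-major set are constructed, and the rule is the one the post describes, not an official upgrade path.

```python
from typing import List, Set, Tuple

Version = Tuple[int, int, int]

def parse(v: str) -> Version:
    major, minor, patch = (int(p) for p in v.split("."))
    return (major, minor, patch)

def fmt(v: Version) -> str:
    return ".".join(str(p) for p in v)

def plan_upgrade_path(current: str, target: str, available: List[str]) -> List[str]:
    """Ordered stops: latest release of the installed major, then X.0.0 and
    the latest X.y.z of each following major, ending at the target."""
    cur, tgt = parse(current), parse(target)
    if tgt <= cur:
        raise ValueError("target must be newer than the installed version")
    releases = sorted({parse(v) for v in available} | {tgt})
    stops: List[Version] = []
    for major in range(cur[0], tgt[0] + 1):
        # Releases of this major that are newer than installed and not past the target.
        in_major = [r for r in releases if r[0] == major and cur < r <= tgt]
        if major == cur[0]:
            if in_major:  # nothing to do if already on the latest of this major
                stops.append(in_major[-1])
            continue
        if (major, 0, 0) not in in_major:
            # The rule never skips a major, so refuse to plan across a gap.
            raise ValueError(f"no {major}.0.0 release listed")
        stops.append((major, 0, 0))
        if in_major[-1] != (major, 0, 0):
            stops.append(in_major[-1])
    return [fmt(s) for s in stops]

def unsupported_stops(path: List[str], supported_majors: Set[int]) -> List[str]:
    """Stops that leave the system on an unsupported major while testing."""
    return [v for v in path if parse(v)[0] not in supported_majors]

# Constructed release list for illustration only.
RELEASES = ["8.0.0", "8.17.8", "9.0.0", "9.5.10", "10.0.0", "10.8.7"]

if __name__ == "__main__":
    path = plan_upgrade_path("8.4.2", "10.8.7", RELEASES)
    print("stops:", " -> ".join(path))
    print("unsupported stops:", unsupported_stops(path, supported_majors={10}))
```
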
