
Cyber Essentials is a joke?

Discussion in 'Servers and Enterprise Solutions' started by TheOracle, 22 Jan 2020.

  1. TheOracle

    Capodecina

    Joined: 30 Sep 2005

    Posts: 12,599

    Yeah, I can imagine there are some very dodgy networks out there
     
  2. kefkef

    Mobster

    Joined: 18 Oct 2002

    Posts: 3,973

    Location: Somewhere on the Rainbow

    The issue is the return for the DSP Toolkit isn't phrased to allow you to put in "we're 90% complete". It's an all or nothing statement.

    Looking at what we can put in place to inform us, products such as Snow, Deskcenter, Ivanti, Remedy etc., but even then there will be some manual trawl to be done.
     
  3. TheOracle

    Capodecina

    Joined: 30 Sep 2005

    Posts: 12,599

    We got our cyber essentials plus certificate today

    Can’t say I was impressed with the process, but we passed
     
  4. rotor

    Wise Guy

    Joined: 18 Sep 2012

    Posts: 2,165

    Did you have any issues remediating workstations remotely? What about all the laptops for everyone working from home?
     
  5. TheOracle

    Capodecina

    Joined: 30 Sep 2005

    Posts: 12,599

    No, everything is handled automatically via SCCM and the laptops are on Microsoft's Always On VPN

    The auditors set up a Teams meeting and we simply shared the screen so he could check stuff
     
  6. Quartz

    Capodecina

    Joined: 1 Apr 2014

    Posts: 11,367

    Location: Aberdeen

    I wonder how much Microsoft et al paid to have 'latest versions' a requirement? I've been out of it over a decade but when I was - peripherally - involved, we had standard versions of software which were often many years out of date. We then ensured they were up to date wrt patches etc.
     
  7. Bouton Aide

    Caporegime

    Joined: 9 Aug 2008

    Posts: 25,486

    Everything in IT is a ticky box exercise. :D
     
  8. rotor

    Wise Guy

    Joined: 18 Sep 2012

    Posts: 2,165

    Nice one. I would argue that a significant part of Cyber Essentials is to get your underlying infrastructure set up properly, so when it comes time to prepare for the audit, things are pretty much already there.
     
  9. rotor

    Wise Guy

    Joined: 18 Sep 2012

    Posts: 2,165

    Software doesn't patch itself, and as vendors release new versions of software (a market necessity to stay relevant in a constantly evolving world), by simple necessity at some point they have to stop supporting older versions (most big software companies support n-2 versions). However, security vulnerabilities and bugs are still found in older un-supported software versions, so what would you propose is the solution? Answer: you have to stay up to date if you want to be even remotely secure. It's nothing to do with "Microsoft paying", it's simple economic reality, supporting every version of software ever released is just not feasible, and would be a terrible waste of precious developer resource.

    I don't get this hatred for patching. Staying up to date is essential for security, compatibility, and supportability, and anything that promotes the improvement of these practices and the underlying tools that support them (like SCCM), is a good thing.
     
  10. Quartz

    Capodecina

    Joined: 1 Apr 2014

    Posts: 11,367

    Location: Aberdeen

    It wasn't a hatred of patching; it was a desire for a consistent stable platform across thousands of PCs.
     
  11. rotor

    Wise Guy

    Joined: 18 Sep 2012

    Posts: 2,165

    Microsoft normally supports products for 5 years or more, don't they? So you're saying you want your estate to stagnate for 5 years? An estate that remains untouched for 5 years is not a stable estate. New software products that your users might need come out in that time, and they will have compatibility requirements of their own (because the vendor will have only tested against modern OS releases). And because it's been untouched for so long, there is nobody in the company that actually knows how to update the estate (there are no practices, tools, procedures), and the users are used to their machines never being touched, so it would be super traumatic for them when you did do it, and then on top of all that, when you were finally forced to update things (at which point this has become bigger than Ben Hur), the change would be so big because you'd left it for so long, that it would be a shock to the employees and error-prone to deploy. Frequent small changes are far better than infrequent big changes, not only because there is less change in between updates, but because by doing more of them, you get better at testing and deploying them.
     
  12. TheOracle

    Capodecina

    Joined: 30 Sep 2005

    Posts: 12,599

    I think Windows 10 is 18 months

    Our estate is 4,000 client devices managed by four front line technicians. We manage with ease. So long as you have the back end set up right, that's key.
     
  13. Lanz

    Soldato

    Joined: 26 Nov 2002

    Posts: 6,855

    Location: Romford

    It's a laugh trying to get CE+ when all your infra is 8 years old - Erm, I could update Java, but I need version xxxx for the old SAN GUI that doesn't work with anything newer.
    Why are you on this version of ESXi? Well, our servers don't support the latest version...
     
  14. TheOracle

    Capodecina

    Joined: 30 Sep 2005

    Posts: 12,599

    Don't worry, you'll pass. It's a complete joke. The auditor will simply tell you to ensure at least one machine has the latest Java, and they'll basically run their tests on that one machine.

    We were in the same boat. The Dell EqualLogic SANs require Java 6, so.... and we still passed lol
     
  15. Lanz

    Soldato

    Joined: 26 Nov 2002

    Posts: 6,855

    Location: Romford

    Exactly, we’ll have EqualLogic until the end of days.... we’ve been trying to get rid of them for years. (But I do really like them...)
     
  16. LizardKing

    Sgarrista

    Joined: 18 Oct 2002

    Posts: 7,692

    Location: The Land of Roundabouts

    Who were the auditors? (asking for a friend :D) Though CE was never about being an accreditation as such and more about showing you're "on the ball" to a degree. I did use it as an argument for getting sign off on some new equipment thanks to some servers no longer being supported by the later versions of VMware, so it's useful for something. I see VMware are also looking at requiring TPM, so that's another one to add down the line!

    Re Oracle's Java, don't you need to be licensed for support now? Or does that not apply to the older versions? I was glad to see the back of that on our network for sure.
     
  17. TheOracle

    Capodecina

    Joined: 30 Sep 2005

    Posts: 12,599

    We went down from 4, to 1 and 1 Compellent. The Compellents are brilliant. Still, that one we do have means at least my machine needs Java 6 lol
     
  18. awaybreaktoday

    Perma Banned

    Joined: 15 May 2006

    Posts: 4,107

    Location: London

    Yes, Microsoft have silently killed App-V, the replacement is MSIX...