Wow – what a day… my brain is bleeding and that is saying something… The SMB IT Professionals group in Sydney has today been holding a workshop focused on Security and Optimisation of your SBS 2008 network. We had multiple vendors involved and around 35 members from the Sydney group as well as a few ring-ins from Brisbane and Melbourne. Via Livemeeting we had Dana Epp and Susan Bradley presenting from the USA and Canada giving the event a truly international flavour.
Dana Epp opened the morning by scaring the pants off the room. I watched as jaws around the room dropped as he showed how easily he could use features of SBS 2008 to access computers remotely – all he needed was some basic credentials and he had control of pretty much ANY PC in the remote network. Now this is not a security vulnerability per se – more a feature of the product that could be used in a different manner than Microsoft intended. Dana also provided a few clues on how to refine the SBS 2008 configuration to reduce this potential concern. I believe he will be doing some blog posts about this in future that will help us all better understand. Of course – AuthAnvil from Scorpionsoft is an easy way you can enforce security and ensure the identity of the people connecting to your network. A few members in the room volunteered their thoughts on Dana’s product and how it worked for them.
Doug Wilson from HW Systems said “Scorpionsoft has THE BEST SUPPORT team of ANY vendor… they go to great lengths to understand and help client requirements”
Dana also talked about how we can evaluate the AuthAnvil product ourselves easily by requesting an evaluation from their website.
Susan Bradley then gave us a deep insight into patch management and made many think about what questions we need to understand prior to patching client environments. Microsoft normally release patches on the 2nd Tuesday of the month for security-related issues and the last Tuesday in the month for any other bits and pieces. However, if patches are released at any other time of the month then you SERIOUSLY need to consider patching faster as Microsoft only do this when there are vulnerabilities in the wild. Susan also went over why we should patch, and primarily this related to the fact that if you do not patch, your system will get owned by the bad guys… you will no longer have control over it and can no longer trust it. Susan then went on to cover the bases of what OSes are being actively patched by Microsoft and highlighted that we need to have our clients up to XP SP3 by July in order to get patched in the future. She also discussed how to diagnose patches that are not applying correctly and mentioned the pending.xml file that causes your computers to get stuck on the “Applying updates 3 of 3” and provided step by step instructions on how to get around it.
Morning tea saw lots of great discussion around the topics presented so far and the muffin grab was fun (had to be here).
Trend Micro was up next and Malcolm Pooley and Kieran Cook presented on many of the updates that Trend are doing in their WFBS 6.0 product. Kieran shared with us the results of some internal testing that they did locally with their product and the feedback they are providing to the R&D team. Kieran also gave us an overview of the future roadmap for Trend’s products in the SMB space, but he asked us to keep it quiet for now.
Lunch up next and some great food – just enough for everyone. No complaints from anyone either which was great. Some interesting discussions through lunch about things we talked about during the morning.
We’re running a bit behind so the session for UTM / Firewall devices was held over till after lunch. Robert Crane is now leading a vibrant discussion (almost an argument) about the best UTM and Firewall devices on the market. Points for discussion include:
- What devices do you use and why
- How do you justify selling a premium UTM/Firewall device to your clients
- Do clients understand security at all?
- What email filtering solutions to use and why? (had a show of hands as to who uses what mail filtering – 10% used Exchange Defender, 5% use Postini/other and 85% used Trend’s IMHS)
- Discussion on OpenDNS and how we can use it for blocking sites
- What do you do if a client says “We’ve been hacked….” ?
- Why are we selling security product and not selling them security as a service?
Funny comment made during a discussion on email filtering “Nothing wrong with Symantec filtering… it stops everything… even the server…”. I’m sure that was true in the past, but hey – twas funny 🙂
Patch Management is up now… and the first question asked is “What patch management solution do you use?” The majority of the room is using WSUS, with smaller percentages using Kaseya or manual patching. Similar to the discussion on security, our clients still don’t get the concept of needing to patch their computers. Many of them assume that because they have a relationship with us as IT Professionals (which may be just a break/fix relationship) that we are constantly protecting them from these nasties. This as we all know is wrong. No one would ever do anything for nothing and if we don’t have a business relationship that involves some form of fee for service then the client cannot expect we are doing anything to protect them. Interesting question raised “How many people wait for Susan to say it’s ok to patch before they patch?”… interestingly around 50% are waiting for “others” to patch before they do – and that does not guarantee that they won’t have problems themselves in their environments, but an indication that they are wanting others to feel the pain before they do. Scary really if you think about it.
Ok – I was up next and delivered a session focused on Server Optimisation. I talked about many things from the hardware, through to what is the right size page file, or RAID configuration. There were a lot of interesting questions and one of the best things discussed was RAID configurations. I asked the question – if you had 4 hard drives in a RAID array, would you use RAID 5 or RAID 1+0? What gives the best random access performance for the average client? Most people in the room said that they would use RAID 1+0 which in my tests is actually NOT the best RAID to use with 4 disks. I’ll be blogging more about that later.
Ryan and John followed on with a presentation about how to build an Untangle Firewall for use in the SMB space. Very cool demo and for those that have not seen Untangle before, it’s certainly something to look at. Untangle looks to be a very cool option for many of us in the SMB space, and there are options where we could build a device ourselves and then provide this as a service to our clients 🙂 Lots of great questions put forward from the attendees. Ryan and John did a great job presenting this – well done.
Many people asked via Twitter, emails and so on how they could get copies of today’s presentation – they are available to all members of the SMB IT Professionals. Well – you can go one better than that. You can register for our next workshop in May 2010 – right here.