Keep the information system up to date #CyberSecMonth

by | Nov 15, 2018 | CyberSecMonth, News & Events

Although we are only a few days away from the end of the 2018 edition of CyberSecMonth, there is still time to learn and share best practices on digital security. This is our ambition with this new computer graphics on the maintenance of the information system. The creation of this CyberAdvice is very important to us since we have developed a solution that perfectly meets the challenges of maintaining a computer park. We’ll tell you more just below!

Cybersecurity: Visualize, understand, decide

This week, Cigref, a network of major French companies and public administrations focused on digital technology, published a report on Cybersecurity. The purpose of this report is to help organizations to understand the challenges of cybersecurity. Thus, the Cigref working group identified and structured the strategic information and indicators needed to provide a dashboard on cybersecurity. This document, mainly intended for CIOs, includes several sections (information system, company vulnerability, etc.) and is based on current data, risk analyses, cost elements and aggregated quantitative indicators.

An up-to-date information system for a secure fleet

At a time when digital transformation is becoming increasingly important, information systems and software are constantly evolving. These solutions are often subject to updates, either to deploy new features or to make corrections. As a result of this “instability”, it is therefore not surprising that security breaches are regularly discovered.

From the point of view of cyber attackers, these security breaches are very good opportunities to penetrate the information system and reach sensitive data or contaminate the network. While it is impossible to prevent software from evolving, there are still solutions to limit the risks of frequently updating solutions used within an organization.

How to limit the risks?

Update the components of the information system:

The only way to prevent this risk is to be informed when new vulnerabilities are discovered so that you can act quickly. The CERT-FR is the government center for monitoring, alerting and responding to computer attacks and acts as the French government’s CERT (Computer Emergency Response Team) by monitoring technological developments and communicating on the state of systems and software. This organization therefore makes it possible to keep informed of the various security vulnerabilities discovered. It is important to apply the security patches to all components of the information system within a maximum period of one month after the publisher’s publication. It is also advisable to define and implement an update policy specifying:

  • The way in which the inventory of the components of the information system is carried out.
  • Sources of information related to the publication of updates.
  • Tools to deploy patches on the fleet.
  • The possible qualification of patches and their progressive deployment on the fleet.

Obsolete components no longer supported by manufacturers must be isolated from the rest of the system. This measure also concerns the network (strict filtering of flows) but also authentication secrets (dedicated to these systems).

Monitor the obsolescence of the software used:

Using an obsolete system or software represents an additional risk of being attacked by a cyber attack. As soon as patches are no longer made to a system, it becomes vulnerable. Many malicious tools available on the web exploit this lack of security correction on the part of the publisher. There are still precautions to avoid the obsolescence of these systems:

  • Create and maintain an inventory of information systems and applications.
  • Prefer solutions whose support function is guaranteed at least for the duration of use.
  • Ensure a follow-up of updates and end dates of software support.
  • Maintaining the homogeneity of the IT equipment, the accumulation of several versions of a software can lead to problems and complicate the monitoring of the equipment.
  • Limit the operating dependencies of one software to another (software adhesions), in fact the support time of these solutions is not equivalent.
  • Include clauses in contracts with service providers and suppliers to monitor security patches and manage obsolescence.
  • Identify the time and resources required to migrate each software in the decline phase (non regression test, back up and date migration procedure, etc).

Facilitate the implementation of these good practices

Ensure software compliance:

SUMo (for Software update Monitor) is a tool that is easy to use and yet very useful because it automatically detects, through an analysis of the hard disk, new versions of software installed on the computer in question. The little something extra about this really practical solution is that it is free and available in French. During an analysis, if SUMo discovers a new version of a software, the console displays the version currently installed on the computer and the new version of the software as well as a link to download it. There is also a paid version that allows you to download updates directly from developers’ websites.

WAPT for simplified fleet management:

WAPT, our open source software deployment solution for Windows, was designed to simplify IT asset management by centralizing administration actions in a single console. WAPT allows you to quickly create, test, install, update and uninstall software packages or configurations across an entire fleet. The information goes directly to the console and it is therefore possible to know the progress of the actions carried out on the fleet in real time. It is also possible to remotely program the deployment of software so as not to disturb users. The simplicity of the software allows you to be more responsive and quickly correct security vulnerabilities by keeping your fleet up to date with just a few clicks.

With the deployment of software packages, you have three options. First, it is possible to download the secure packages from our store (with more than 1000 packages available). Alternatively, you can create your own packages via the WAPT console, we use the wizard package and PyScripter environment to really simplify package creation, as you can see below. If all this seems complex to you, it is still possible to ask us to develop your packages for you.

The National Agency for Information Systems Security has recognized the security and robustness of the software by awarding version 1.5 of WAPT Enterprise the ANSSI qualification. This version offers more flexibility in managing the largest fleets, whether through AD authentication, separation of user roles or simplified management of remote sites or individual depots.
Do you need to keep your fleet up to date?

Trust our expertise

As the creators of WAPT, we are best able to answer your questions and solve your problems, whether through our support tickets or through the datadock certified training we provide on our software. Our DevSecOps working methodologies and our 15 years of expertise in securing the local network make us trusted partners to act effectively on a computer fleet.

What you shouldn’t have missed:

Who to follow during #CyberSecMonth?

Articles not to be missed:

Find all our recommendations on Twitter and LinkedIn and on hashtag: #TousSecNum, #CyberSecMonth, #ECSM2018 et #ECSM. Also follow our hashtag #CyberConseil to follow Tranquil IT’s advice and discover the following graphics.

Tranquil IT is referenced to the UGAP

Tranquil IT is referenced to the UGAP

Tranquil IT is now referenced to the UGAP through the multi-publisher contract carried by SCC. Behind all these somewhat bureaucratic terms is very good news for those who want to buy the innovative products and services offered by Tranquil IT. What does that mean? In...

Supervise, audit, react #CyberSecMonth

Supervise, audit, react #CyberSecMonth

This is already the end of the 2018 edition of CyberSecMonth, we hope that you will continue to raise awareness and remain vigilant about the challenges of digital security. On our side, we would like to conclude our CyberAdvice by sharing with you a latest graphic...