Cyber Essentials is a joke?

Soldato
OP
Joined
30 Sep 2005
Posts
16,526
I think the auditors will usually allow a small percentage to be out, but it’s pretty small. My point about it overall being a good thing is that it forces you to have systems in place rather than an ad hoc process that probably doesn’t get used that often.

yeah I can imagine there’s some very dodgy networks out there
 
Soldato
Joined
18 Oct 2002
Posts
4,032
Location
Somewhere on the Rainbow
The issue is the return for the DSP Toolkit isn't phrased to allow you to put in we're 90% complete. It's an all or nothing statement.

Looking at what we can put in place to inform us, products such as Snow, Deskcenter, Ivanti, Remedy etc., but even then there will be some manual trawl to be done.
 

Deleted member 138126


We got our cyber essentials plus certificate today

Can’t say I was impressed with the process, but we passed
Did you have any issues remediating workstations remotely? What about all the laptops for everyone working from home?
 
Soldato
OP
Joined
30 Sep 2005
Posts
16,526
Did you have any issues remediating workstations remotely? What about all the laptops for everyone working from home?

No, everything is handled automatically via SCCM and the laptops are on Microsoft's Always On VPN

The auditors set up a Teams meeting and we simply shared the screen so he could check stuff
 
Soldato
Joined
1 Apr 2014
Posts
18,532
Location
Aberdeen
I wonder how much Microsoft et al paid to have 'latest versions' a requirement? I've been out of it over a decade but when I was - peripherally - involved, we had standard versions of software which were often many years out of date. We then ensured they were up to date wrt patches etc.
 

Deleted member 138126


No, everything is handled automatically via SCCM and the laptops are on Microsoft's Always On VPN

The auditors set up a Teams meeting and we simply shared the screen so he could check stuff
Nice one. I would argue that a significant part of CyberEssentials is to get your underlying infrastructure setup properly, so when it comes time to prepare for the audit, things are pretty much already there.
 

Deleted member 138126


I wonder how much Microsoft et al paid to have 'latest versions' a requirement? I've been out of it over a decade but when I was - peripherally - involved, we had standard versions of software which were often many years out of date. We then ensured they were up to date wrt patches etc.
Software doesn't patch itself, and as vendors release new versions of software (a market necessity to stay relevant in a constantly evolving world), by simple necessity at some point they have to stop supporting older versions (most big software companies support n-2 versions). However, security vulnerabilities and bugs are still found in older un-supported software versions, so what would you propose is the solution? Answer: you have to stay up to date if you want to be even remotely secure. It's nothing to do with "Microsoft paying", it's simple economic reality, supporting every version of software ever released is just not feasible, and would be a terrible waste of precious developer resource.

I don't get this hatred for patching. Staying up to date is essential for security, compatibility, and supportability, and anything that promotes the improvement of these practices and the underlying tools that support them (like SCCM), is a good thing.
 

Deleted member 138126


Microsoft normally supports products for 5 years or more, don't they? So you're saying you want your estate to stagnate for 5 years? An estate that remains untouched for 5 years is not a stable estate. New software products that your users might need come out in that time, and they will have compatibility requirements of their own (because the vendor will have only tested against modern OS releases). And because it's been untouched for so long, there is nobody in the company that actually knows how to update the estate (there are no practices, tools, procedures), and the users are used to their machines never being touched, so it would be super traumatic for them when you did do it, and then on top of all that, when you were finally forced to update things (at which point this has become bigger than Ben Hur), the change would be so big because you'd left it for so long, that it would be a shock to the employees and error-prone to deploy. Frequent small changes are far better than infrequent big changes, not only because there is less change in between updates, but because by doing more of them, you get better at testing and deploying them.
 
Soldato
OP
Joined
30 Sep 2005
Posts
16,526
Microsoft normally supports products for 5 years or more, don't they? So you're saying you want your estate to stagnate for 5 years? An estate that remains untouched for 5 years is not a stable estate. New software products that your users might need come out in that time, and they will have compatibility requirements of their own (because the vendor will have only tested against modern OS releases). And because it's been untouched for so long, there is nobody in the company that actually knows how to update the estate (there are no practices, tools, procedures), and the users are used to their machines never being touched, so it would be super traumatic for them when you did do it, and then on top of all that, when you were finally forced to update things (at which point this has become bigger than Ben Hur), the change would be so big because you'd left it for so long, that it would be a shock to the employees and error-prone to deploy. Frequent small changes are far better than infrequent big changes, not only because there is less change in between updates, but because by doing more of them, you get better at testing and deploying them.

I think Windows 10 is 18 months

Our estate is 4,000 client devices managed by four front line technicians. We manage with ease. So long as you have the back end set up right, that's key.
 
Soldato
Joined
26 Nov 2002
Posts
6,852
Location
Romford
It's a laugh trying to get CE+ when all your infra is 8 years old - Erm I could update Java, but I need version xxxx for the old SAN GUI that doesn't work with anything newer.
Why are you on this version of ESXi? Well our servers don't support the latest version...
 
Soldato
OP
Joined
30 Sep 2005
Posts
16,526
It's a laugh trying to get CE+ when all your infra is 8 years old - Erm I could update Java, but I need version xxxx for the old SAN GUI that doesn't work with anything newer.
Why are you on this version of ESXi? Well our servers don't support the latest version...

Don't worry, you'll pass. It's a complete joke. The auditor will simply tell you to ensure at least one machine has the latest Java, and they'll basically run their tests on that one machine.

We were in the same boat. The Dell EqualLogic SANs require Java 6, so.... and we still passed lol
 
Soldato
Joined
26 Nov 2002
Posts
6,852
Location
Romford
Exactly, we’ll have EqualLogic until the end of days.... we’ve been trying to get rid of them for years. (But I do really like them...)
 
Soldato
Joined
18 Oct 2002
Posts
8,116
Location
The Land of Roundabouts
Don't worry, you'll pass. It's a complete joke. The auditor will simply tell you to ensure at least one machine has the latest Java, and they'll basically run their tests on that one machine.

We were in the same boat. The Dell EqualLogic SANs require Java 6, so.... and we still passed lol

Who were the auditors? (asking for a friend :D) Though CE was never about being an accreditation as such and more about showing you're "on the ball" to a degree. I did use it as an argument for getting sign-off on some new equipment thanks to some servers no longer being supported by the later versions of VMware, so it's useful for something. I see VMware are also looking at requiring TPM, so that's another one to add down the line!

Re Oracle's Java, don't you need to be licensed for support now? Or does that not apply to the older versions? I was glad to see the back of that on our network for sure.
 
Soldato
OP
Joined
30 Sep 2005
Posts
16,526
Exactly, we’ll have EqualLogic until the end of days.... we’ve been trying to get rid of them for years. (But I do really like them...)

We went down from 4, to 1 and 1 Compellent. The Compellents are brilliant. Still, that one we do have means at least my machine needs Java 6 lol
 