Securing the Small Office – Logging and Patch Management on a budget
In this post I want to help small business owners understand why they need to get control of their Internet connections. With all of the new devices that will surely appear in your environment (with and without your knowledge), inventorying what is on your network and how it is being used is more important than ever.
For those of you who feel that all of this costs too much money, I am happy to show you how to do it with free (as in beer) software. When properly set up, you can have a solid patch management system along with a central logging and reporting server that helps you get a handle on usage in your organization.
Logging
Let's start with Splunk. This is a real-time search and indexing platform for machine data that can accept encrypted (TLS) connections from some or all of your devices, wired and wireless. Almost anything that connects to a network and supports remote logging can be configured to send its logs to your new Splunk server. The server software can be installed on Windows, Linux, Mac OS, AIX, Solaris and FreeBSD, so you can reuse an existing computer with its existing OS license, or repurpose old hardware with a free Linux or BSD install.
Your Splunk server consists of a few listening ports that your devices (or Splunk forwarders installed on them) send data to (TCP port 9997 is the default for forwarder traffic; plain syslog devices typically send to UDP or TCP port 514) plus a web interface, which is currently implemented in Python. The whole system has a small footprint, and the free version of Splunk Light only lets you index up to 500MB of data per day in total, so there is no need for a very powerful machine. You will, however, be querying this system for reports and live data feeds, so please, no 386 computers 🙂
I hope you don't need to be told about the benefits of log analysis, or that it is required if you want to be compliant, but let's point out one thing: by configuring all of your devices to send their logs to a central syslog collector, you can manage them proactively by querying one system, instead of reacting to problems after the fact one device at a time.
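To make the "one collector, proactive queries" idea concrete, here is an added example (not code from the original post, and not Splunk's own code) of what the central server is doing on your behalf: it parses RFC 3164 syslog lines of the kind a firewall, switch or access point emits, counts events per host and per severity, and flags hosts with repeated failed logins. The sample lines, host names and the failed-login patterns are constructed for the example; `serve_udp` is a hypothetical minimal UDP 514 receiver (binding that port needs root) and is not called when the report is generated from the sample lines.

```python
"""Added example: a minimal central syslog parser and report.

Stands in for the reporting role the post gives the Splunk server; not Splunk code.
All sample log lines below are constructed for this example.
"""
import re
import socket
from collections import Counter, defaultdict

# RFC 3164 framing: "<PRI>Mmm dd HH:MM:SS host tag: message", where PRI = facility*8 + severity.
SYSLOG_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Message patterns worth a proactive look (hypothetical; tune to what your devices actually log).
FAILED_LOGIN_RE = re.compile(r"(Failed password|authentication failure|login failed)", re.I)


def parse_syslog(line):
    """Return a dict with facility, severity, host, ts and msg, or None if the line is not syslog."""
    m = SYSLOG_RE.match(line)
    if not m:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # highest legal PRI is facility 23, severity 7
        return None
    return {
        "facility": pri // 8,
        "severity": SEVERITY[pri % 8],
        "host": m.group("host"),
        "ts": m.group("ts"),
        "msg": m.group("msg"),
    }


def summarize(lines):
    """Build the per-host / per-severity counts and failed-login tally the post wants to query centrally."""
    report = {
        "by_host": Counter(),
        "by_severity": Counter(),
        "failed_logins": defaultdict(int),
        "unparsed": 0,
    }
    for line in lines:
        ev = parse_syslog(line)
        if ev is None:
            report["unparsed"] += 1  # keep a count so a misconfigured device does not vanish silently
            continue
        report["by_host"][ev["host"]] += 1
        report["by_severity"][ev["severity"]] += 1
        if FAILED_LOGIN_RE.search(ev["msg"]):
            report["failed_logins"][ev["host"]] += 1
    return report


def hosts_over_threshold(report, threshold=3):
    """Hosts whose failed-login count reached the threshold, sorted for stable output."""
    return sorted(h for h, n in report["failed_logins"].items() if n >= threshold)


def serve_udp(handler, port=514, bind="0.0.0.0"):
    """Hypothetical one-datagram-per-line UDP receiver for devices that only speak UDP syslog."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    while True:
        data, _ = sock.recvfrom(8192)
        handler(data.decode("utf-8", errors="replace").rstrip("\n"))


# Constructed sample lines: PRI 38 = auth.info, 30 = daemon.info, 27 = daemon.err, 134 = local0.info.
SAMPLE_LINES = [
    "<38>Mar  4 09:12:01 fw1 sshd[1102]: Failed password for admin from 192.0.2.45 port 51234 ssh2",
    "<38>Mar  4 09:12:03 fw1 sshd[1102]: Failed password for admin from 192.0.2.45 port 51236 ssh2",
    "<38>Mar  4 09:12:05 fw1 sshd[1102]: Failed password for admin from 192.0.2.45 port 51238 ssh2",
    "<38>Mar  4 09:12:09 fw1 sshd[1102]: Accepted password for admin from 192.0.2.45 port 51240 ssh2",
    "<30>Mar  4 09:15:44 sw-core lldp: link up on port 12",
    "<27>Mar  4 09:16:10 ap-lobby hostapd: STA 00:11:22:33:44:55 authentication failure",
    "<134>Mar  4 09:17:02 printer1 cups: job 4182 printed",
    "this is not syslog",
]

if __name__ == "__main__":
    r = summarize(SAMPLE_LINES)
    print("events per host:", dict(r["by_host"]))
    print("events per severity:", dict(r["by_severity"]))
    print("failed logins per host:", dict(r["failed_logins"]))
    print("hosts at or over 3 failed logins:", hosts_over_threshold(r))
```

On the sample data the report shows four events from `fw1`, three of them failed logins, so `fw1` is the one host flagged at the default threshold, while the single `authentication failure` from `ap-lobby` is counted but not flagged. In Splunk the same questions become searches over the `syslog` sourcetype; the point of the example is that once every device sends to one place, the checks are cheap to write and run on a schedule rather than by logging into each box.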
Patch Management
Now, we all have some type of Windows Update running on our machines, but connecting to each of them to check whether patches succeeded is a nightmare. Many sysadmins thought WSUS was the best thing since sliced bread until they began to run out of disk space; these options just don't stack up. They can be time and resource intensive, and what about third-party patches? This is where Desktop Central comes in handy. ManageEngine makes a very nice suite of paid products, and they offer this one for free if you have fewer than 25 machines to manage. I have a handful of clients using this deployment, and with it I can do Windows patch management and all third-party patches, and I can execute PowerShell or Windows shell scripts remotely. We run Windows disk maintenance like chkdsk and Disk Cleanup, and remove temp files from the user and system temp directories, all from a single Windows server running a PostgreSQL database and the Desktop Central software.
Now most small businesses with a few spare hardware resources can get enterprise-style IT management without a full-time IT budget. Coupled with a mid-range firewall, you can mitigate most malware risks and monitor your network from two web consoles. Knowing is half the battle…
More info about either of these products is available below, or feel free to reach out to us here:
http://www.splunk.com/en_us/download.html
https://www.manageengine.com/products/desktop-central/windows-patch-management.html