My next class:
Network Monitoring and Threat Detection In-Depth, Singapore, Nov 18th - Nov 23rd 2024

What is in your Infosec Calendar?

Published: 2022-10-06. Last Updated: 2022-10-06 17:07:19 UTC
by Johannes Ullrich (Version: 1)
4 comment(s)

Lately, I have been toying with the idea of creating an "infosec calendar" with activities to perform regularly. The calendar would be more targeted at home users and enthusiasts, certainly not at enterprises, but they may develop their own based on some of these ideas.

Here are some of the items that I am considering, and PLEASE suggest yours:

Restart your browser at least once a day

Some systems may not be stable enough for this to matter, but I find that if you keep your browser open all the time (as many of us do by default), and never close it, browser updates do not get applied. Chrome has a useful indicator warning, but not everybody "sees" it. So I make it a habit to restart my browser in the morning.

Reboot your system once a week

Same idea: Patches will often require a restart of the particular software patched. As you may have dozens of programs patched each week, it is easier to just reboot the system.

Microsoft Patch Tuesday

I am not a big Windows user, so this one applies less to me, but having a calendar reminder on the Wednesday after Patch Tuesday to make sure that the Patch Tuesday updates are applied makes some sense. Maybe reschedule your weekly reboot for Thursday?

Monthly Backup Check

For my desktops/laptops, I currently run 3 backups (incremental Time Machine, daily full clone with Carbon Copy Cloner, and a cloud-based "off-site" solution). But they sometimes fail; worse, they can either fail silently or notify you of a failure while you are busy with something else, so you click the notification away and forget about it. At the very least, check once a month that your backups are happening. Better: restore a file once a month. Maybe add a quarterly or annual "restore a system from scratch" test (which is time-consuming).

Monthly Router/Switch/IoT Update check

Many network devices have no robust way to notify you of updates. Often, you need to manually check the current firmware version and compare it (again: manually) to the latest firmware available from the manufacturer. I scripted these checks in the past, but these scripts are a pain to maintain. So it is probably a good idea to check manually once a month. This includes, first of all, your firewall/router, but also other network devices and certainly IoT devices (cameras, microwave oven...).

Monthly failover checks

This is a generic item and may not apply to everybody. But if you have a secondary internet connection or even a UPS for power backup, test them once a month to ensure they work. Note: Try to avoid testing a UPS by unplugging it. This can cause issues as you remove the ground connection. For a power outage, the ground connection remains. If your home disaster recovery plan is to work from a remote location: Simulate it by tethering from a cell phone and make sure things like VPNs and such connect.
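As an added example (not part of the original diary), the recurring items above can be written out as an iCalendar file for import into a calendar app. The Thursday reboot follows the suggestion above; the first-Saturday slot for the monthly checks, the UIDs and the PRODID are assumptions.

```python
from datetime import date, timedelta

def patch_wednesday(year, month):
    """Wednesday after Patch Tuesday (the second Tuesday of the month)."""
    first = date(year, month, 1)
    first_tue = first + timedelta(days=(1 - first.weekday()) % 7)  # Tuesday == 1
    return first_tue + timedelta(days=8)  # +7: second Tuesday, +1: Wednesday

def is_patch_wednesday(d):
    # Second Tuesday is day 8-14, so the following Wednesday is day 9-15.
    # "Second Wednesday" (BYDAY=2WE) is a week early when a month starts on a Wednesday.
    return d.weekday() == 2 and 9 <= d.day <= 15

def is_first_saturday(d):
    return d.weekday() == 5 and d.day <= 7

# (summary, RFC 5545 recurrence rule, predicate used to pick a matching DTSTART)
ITEMS = [
    ("Restart your browser", "FREQ=DAILY", lambda d: True),
    ("Reboot your system", "FREQ=WEEKLY;BYDAY=TH", lambda d: d.weekday() == 3),
    ("Confirm Patch Tuesday updates are applied",
     "FREQ=MONTHLY;BYDAY=WE;BYMONTHDAY=9,10,11,12,13,14,15", is_patch_wednesday),
    # First Saturday for the monthly checks is an assumption, pick any day.
    ("Backup check: restore one file", "FREQ=MONTHLY;BYDAY=1SA", is_first_saturday),
    ("Router/switch/IoT firmware check", "FREQ=MONTHLY;BYDAY=1SA", is_first_saturday),
    ("Failover check: UPS, second uplink, VPN over tether",
     "FREQ=MONTHLY;BYDAY=1SA", is_first_saturday),
]

def escape_text(value):
    """Escape a TEXT value as RFC 5545 requires (backslash, comma, semicolon)."""
    return value.replace("\\", "\\\\").replace(",", "\\,").replace(";", "\\;")

def build_calendar(start):
    """Return an .ics document whose events first occur on or after `start`."""
    out = ["BEGIN:VCALENDAR", "VERSION:2.0", "PRODID:-//example//infosec-calendar//EN"]
    for n, (summary, rrule, matches) in enumerate(ITEMS):
        day = start
        while not matches(day):  # DTSTART should itself satisfy the RRULE
            day += timedelta(days=1)
        out += ["BEGIN:VEVENT", f"UID:infosec-{n}@example.invalid",
                "DTSTAMP:" + start.strftime("%Y%m%dT000000Z"),
                "DTSTART;VALUE=DATE:" + day.strftime("%Y%m%d"),
                "SUMMARY:" + escape_text(summary), "RRULE:" + rrule, "END:VEVENT"]
    out.append("END:VCALENDAR")
    return "\r\n".join(out) + "\r\n"

if __name__ == "__main__":
    print(build_calendar(date(2022, 10, 6)), end="")
```

Redirect the output to a `.ics` file and import it; the Patch Tuesday reminder stays on the correct Wednesday even in months that begin on a Wednesday.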

So what else is on your calendar?

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu

Comments

I have a "monthly" task that would be "check for other software updates". This is something like Patch Tuesday with Microsoft, but for all the other apps that I use infrequently and that only check for updates if you run them. For example - Wireshark 4.0.0 was released this week. This is also a time I ask myself "do I still need this app?" If not - uninstall it.

How about a weekly or monthly full AV scan? This can be scheduled, but if using traditional signature-based AV, it's good to manually confirm its sigs are updating and the scheduled scans are running as expected.

Password Management

Each month, check if you have been affected by any recent Internet services or Vendor breaches that may have affected your accounts. Core reference would be https://haveibeenpwned.com
If a breach is identified, update the associated password, or if the account is no longer being used, delete it.

Also maintain your Admin accounts, consider updating the passwords on a 3-month or 6-month interval. Considerations include: Website Administration, Office Desktop/Laptop administration user, Home office router, Google Workspace Admin, M365, etc.

I know many people, including computer professionals, let their systems go to sleep rather than shut them down. I never understood that, maybe because I remember when Windows systems simply couldn't stay running much more than a day.
