When I was a network/sys admin in the early 00s, the secret to my success was I never fiddled with the servers or patched. Other than rebooting them every Friday evening, I just let them run and they ran.
When some Lebanese asshole took over my job, the systems were always down. He was one of those retards that installs every new patch as soon as it comes out.
People said, "When you were running things here, the servers were up for a whole year." I said, "Yeah, I only patched like once a year."
Funny thing, how I got "laid off" was that the servers went down one day because he told me to reboot them while management was out and when they didn't come back up, he blamed the downtime on me. So I shoved his brown ass into every bit of furniture in the office. I took him on a tour of the office, into a few cars in the parking lot and then back into the office. People couldn't stand him so when the cops came they said they didn't see anything.
The whole "security" thing is a scam IMO. I can't stand people who won't shut up about "cyber security". These days, you have to because of regulations but it's still a scam.
If you're working with a small business that nobody knows about, you were better off not patching back then. It was just going to be more trouble than it was worth.
As a security guy, this boomer approach to patching will absolutely fuck you over. The time to patch before exploitation on recent exploits such as Log4j, the Exchange vulnerabilities, or that Apache vuln, was under 48 hours. Anything longer than that and you were guaranteed to get hit. Which is worse, some downtime from a failed patch on one service, or every machine on the network ransomwared?
You probably have to do that today but this was 20 years ago.
The downtime was ridiculous and there was only one minor incident of hacking when the servers were not behind a firewall, using public IPs.
Services would sometimes fail to come up and there is always a chance that the server itself would crash, etc. For the email server, this was very dangerous to my job. The last thing I wanted to do is spend the weekend in the office rebuilding it from backups and backups are funny.
I've seen a number of instances where backups didn't work. If backups always worked, ransomware wouldn't be a thing.
Hacking was more of an imaginary threat like those people who say the earth is about to crash into the sun or something. I would just say, oh yeah, definitely. Meanwhile I'm adding that guy to the idiot category.
Best thing to do would be to give death penalty for these things, hunt them down like dogs.
Most denial of service is coming from these stupid MFA logins, overcomplicated permission schemes, helpdesk calls from password expiration/reset, unexpected downtime and other bullshit that is costing more than the ransomware.
Even as a developer, this is even costing me a lot of time.
"The password to circumvent MFA isn't working, someone should look into that, shit that someone is also me, now I have to call support and deal with some idiot from Sri Lanka who sends me support articles I've already read. Meanwhile, people are asking me why my work isn't done..." lol
Yeah, I get it, back then it wasn't possible to scan the entire internet for vulnerable boxes. Now it's fairly easy; patching your exposed boxes for the big easy exploits as fast as possible is critical. Otherwise the threat actors will patch them for you so they don't show up on vuln scans, and can buy themselves time to lateral.