Thursday, June 27, 2024

The risk of inactive/off-line systems

 The risk of inactive/off-line systems if just turned on and used

In our fast-paced world with cyber warfare going on, from nation states jockeying for the secrets of other nations with zero day hacks, to the many criminals looking for every way to get value out of everyone they can, software is constantly being patched to try and keep ahead. With so many people and businesses not patching, even old bugs are being probed all the time, and getting attacked. Using unpatched systems is a huge risk, sometimes even if just a few weeks, or sometimes days, out of date.

There are many reasons why a system might be unused for a while. They aren't just sitting there for no reason, but generally in one of the following paths

  • Primary user on extended vacation or other extended leave.
  • Pending deployment, with an active plan to do so.
  • In reserve, with not active plan, other than to be available if needed. Perhaps on an eventual path to be decommissioned.
  • On the way to being decommissioned and disposed.

If there is any intention of bringing a system into active use with little warning, they must be kept up to date, otherwise they represent a security risk as breachable/hackable defects are found but not patched. These machines would need to be regularly (every week or two) brought online and the full patch process run (Not just the few obvious ones, but the whole patch management process). This does not mean for all the system in reserve inventory, just enough for quick deployments (loaner or replacement) and the next ones are brought up to ready from extended off-line status.


Any system that has been off-line for an extended time, is a huge safety risk to us if it is just deployed, until it has been through a few restarts, with time in between for the patch process to see what is needed and deployed. After the OS has gotten its patches, open the primary apps, and go to their ‘Help’ ‘About’ menu to check for any updates there. Browsers and email clients are a big target and the front lines of many cyberattacks.

If a system is on the path to likely being decommissioned, but we are just keeping it around "Just in case" then pull it out of any active monitoring systems it might be a part of, as those usually have a licensing cost you can free up, and they usually alarm/bug someone when they haven’t “called home”. Essentially some effort to ‘Mothballing’ the device, just like the Navy does with their ships, Air-forces often do with planes, or even clothes kept in the attic for that ‘maybe some day we might need this again’

There is a very active cyberwar going on, nation states juggling for control to avoid bullets, through all the criminals trying to get at what every they can grab. This has been accelerating at a rapid pace, and we can not rest on "it won't hit us" as we are all being actively probed all the time.

To be safe or as safe as possible, it is important that you keep your systems (both personal and business) as up to date as possible before and when actively using them.

No comments:

Post a Comment