We have previously highlighted the difference between managed IT Support and the traditional break/fix model.
The main differentiation is that whilst break/fix is very much reactive, managed support is pro-active and includes everything you need to keep your systems running properly.
But what does this actually mean in real terms?
In order to illustrate the difference, we’ve put together a case study detailing the type of thing that we constantly do in the background for our clients. This is the kind of work that often goes unnoticed by our clients but is what keeps them secure and their systems running smoothly.
Identifying an issue
We study the IT press and have alerts set up from various sources which keep us informed of any new or escalating issues. One such issue we identified was the BlueKeep security vulnerability. BlueKeep initiates self-replicating worm malware on computers using older Windows versions. It’s similar to the WannaCry virus that brought the NHS to a halt. The delivery method for BlueKeep is via Remote Desktop Services.
Microsoft considers the flaw “critical” and recommends installing available update patches as soon as possible to affected systems to mitigate the vulnerability, as well as disabling Remote Desktop Services if they are not required.
What we did
We needed to identify any clients who might be vulnerable and fix that vulnerability.
Our senior engineer developed a custom SQL query to pull all public IP addresses known to our database. A Security specialist, Robert David Graham, has created a tool created solely for the detection of networks vulnerable to the BlueKeep Vulnerability, RDPScan.exe. We tested the program on a single IP Address, and found that it takes 20 – 30 seconds to complete the scan each time. With 329 IP addresses to scan we set up a script to automate the test in Powershell.
The automated scan took around 2 hours to run and identified the following:
- 310 had the RDP port closed, and were therefore SAFE
- 18 were found to be SAFE, as they already had the required patch
- 1 was found to be VULNERABLE
Fixing the vulnerability
For the client identified as vulnerable we connected to the server and discovered that port 3389 forwarded to their main Domain Controller. The tools we use to remotely connect to client servers do not utilise this port, therefore we were able to disable the port forwarding rule avoiding an unnecessary security risk.
Therefore, we disabled the port forwarding rule for 3389, thus removing the threat of the BlueKeep exploit.
In conclusion
The vulnerability was only found on one client, this means our automated Patch Manager is doing a fantastic job of keeping systems up to date and protected.
As previously mentioned all of this, including the patching which had already protected the majority of clients, had taken place in the background with no disruption to the client. Indeed, most are not even aware that this is going on day in, day out.
With a traditional break/fix solution the vulnerability wouldn’t have even been looked at until BlueKeep had infiltrated the system and been used to deliver ransomware.
It was estimated that as of June 1st there were around 1m vulnerable PC’s connected to the internet and potentially open to exploitation. Microsoft even took the unusual step of issuing patches for versions of Windows it no longer officially supports. However, you would have needed to be aware of the issue to have located and downloaded the patch.
Is fully managed IT support for you?
For businesses with 20 or more users and no in-house IT department we believe Fully Managed IT Support is a no brainer. You have too many users to rely on an individual to help with IT alongside their main job, whilst employing full-time IT engineers is generally not cost effective until you reach 250+ users.
For a fixed monthly fee all of your IT needs are taken care of. Security is built in with anti-virus, email filtering and automated software patching. Regular maintenance along with configuration and installation of new equipment is included. We look after your 3rd party suppliers, working with them to sort out issues with phones and broadband even where we don’t supply them. Finally, you have the backing of a full team of engineers on our service desk, with unlimited on-site support available too, if things do go wrong. And it probably costs less than you might think.
For a free, no obligation conversation including an assessment of your existing IT setup call us today or complete a Contact Form and we’ll get straight back to you.
