Blog

  • Product: O/S Patching

    Operating system (OS) patching is one of the most important defenses in protecting digital systems from vulnerabilities and preserving the integrity, security, and optimal performance of both Linux and Windows environments. Keeping your operating system up to date with at least security patches is a must. My base O/S patching is an option with the monitoring. It provides patching on a schedule that fits yours. For most clients this is daily, early in the morning, when you are not using your computer. If this is inconvenient for you, I can adjust the schedule to be less frequent and at another time. Below is some information about what OS patching is and why it is so important. If you have any questions, call me.

    What is OS patching? 

    OS patching is the practice of applying software patches to the operating systems installed in your environment to ensure they remain safe, secure, and protected from external threats. The IT landscape is changing. BYOD, OS diversity, and even end users accessing corporate systems via public networks all present challenges for IT departments trying to keep track of increasingly complex infrastructure and dependencies. With increased complexity comes an increased risk of cyber threats that the service ecosystem could be exposed to, as well as the work of keeping track of new OS patch releases from vendors and suppliers. With those challenges in mind, staying current with cross-platform patch management and building a robust approach to patching have never been more relevant.

    Why is OS patching important? 

    Done well, OS patching can be the difference between a well-supported environment and one that is susceptible to unplanned downtime and performance issues. Here are some of the critical benefits of a robust approach to OS patching:

    • Compliance: Many organizations now have regulatory requirements or insurance directives mandating a regular patching regime. Non-compliance can lead to severe penalties.
    • Availability: Keeping your systems patched will prevent extended downtime due to security threats and remedial maintenance/emergency patch activity.
    • Performance: Devices can crash due to software defects, so keeping your services patched means they are updated with the latest bug fixes and are more secure.
    • Security: A common cause of network security breaches is missing patches in operating systems. Having a regular patch schedule means installing updates promptly, reducing the opportunity for data loss and damage to your infrastructure. 
    • New features: Patches are not always about protection from malware or fixing bugs. Sometimes patches can include new features that can give you greater functionality.

    Common challenges, and how to address them

    Here are some of the most common patching challenges and how to handle them:

    • Challenge: No appetite for maintenance windows
      Possible solution: It is not always easy to justify regular downtime for maintenance, especially as many organizations are feeling the pinch in a post-pandemic economy. Remember that the downtime following a virus, cyber-attack, or ransomware incident is longer. Work with your team to agree on a maintenance window acceptable to all users.
    • Challenge: Keeping track of OS patches from different vendors
      Possible solution: Understanding what patches are outstanding is a crucial activity to be able to prioritize support activity.

    Dos and Don’ts of OS patching

    Are you inspired to sort out your OS patching process once and for all? Here are some tips for getting started.

    • Do enable automatic software downloads whenever possible to ensure critical updates are installed as quickly as possible.
    • Don’t use unsupported or EOL (end-of-life) software.
    • Do use secure vendor servers for patches and software updates.
    • Don’t install patches from unknown links or ad content.
    • Do communicate patch windows beforehand and agree to any potential downtime with the rest of the business.
    • Don’t download software updates to devices while on untrusted networks.
    • Do prioritize systems for patching so you know which have the highest risk or are most sensitive to the organization. 
    • Don’t try to patch everything. Not all vulnerabilities will be exploitable in your environment, so check if the patch is needed first.
    • Do apply patches as soon as possible (once you have confirmed they are needed). Deploy operating system patches immediately when they are released since they can have severe and widespread effects.
    • Do build in some flexibility by using pull-based deployment mechanisms to enable the end user to schedule the patch at a convenient time. 
    • Don’t allow people to put off updates indefinitely. Have something in place so that after a pre-registered amount of time, pull reverts to push so your users and their systems are protected. 
    • Do regularly scan and audit your environment to ensure any vulnerabilities can be flagged and acted upon. 
    • Do create patching procedures for routine and emergency patches so that urgent patches can be deployed quickly to mitigate organizational risk. 
    • Do understand each vendor’s release schedule for patches and updates so that you can plan and schedule maintenance work accordingly.
  • Product: Webroot DNS Protection

    To help protect from malicious websites, we recommend DNS filtering by Webroot.

  • Product: Sentinel One Control

    The next generation of endpoint protection. It does not routinely scan for known viruses and malware but monitors and logs computer activity, looking for suspicious behavior. If bad behavior is detected, recovery options include killing the process, quarantining the file, and rolling back any changes the process made.

    For the best protection, I recommend combining Sentinel One and Webroot.

  • Product: Webroot Anti-virus

    Our old friend anti-virus. I have been using Webroot for over 15 years and have never had it let me down. This is our basic anti-virus product. This is the anti-virus I have been using for over fifteen years without any significant infections. It works well and does not slow down your computer. The only reason I offer anything else is because in today’s security environment, it is possible, and I’m told likely, that new viruses are designed to bypass the type of protection provided by Webroot and other anti-virus programs. I still recommend this for residential and low priority entities.

  • Product: N-Able RMM

    N-Able N-Sight RMM is our current default monitoring agent for computers and servers. It has several optional features that allow me to provide other services. I’ll describe some of them below as well as normal default monitors. Each computer or server will get the default monitors initially and then they will be customized for your environment so that we know when an important issue arises. Prices below are per month per endpoint.

    • N-Able Options
      • Base Install. $2.50.
      • Remote Control. Included with base price. Allows me to remote into the computer and fix issues without making a trip to your location.
      • Remote Background. Included with base price.
      • O/S Patch Management. $3.50. Monitored patch and upgrade management for your operating system.
      • Third Party Patch Management. $1.50. Monitored patch management for supported third party applications.
      • Network Scanning. Included with base price. This allows an attempt at scanning your network for dangerous devices. Depending on the device and its configuration, a scan may not tell us anything. But it might tell us if something new is attached to your secure network.
  • Monitoring

    This is the primary advantage of purchasing products from Dennis Walker over purchasing them yourself. I can monitor many aspects of your computer and internet system.

    Our primary monitor for workstations and servers is N-Able N-Sight RMM. This agent allows us to monitor almost all aspects of the operation of your computers and servers as well as the operation of the services provided.

  • Email Security Features Offered by Dennis Walker One

    In today’s security environment, there is never any guarantee that you cannot get hacked. Unless, of course, you turn the power off to all your computers and lock them in a vault on another planet. OK, I’m getting carried away, but the point is that even if you did all that, there will always be someone who can figure out how to undo it and get you anyway. Any security system has to have enough layers of security to make it difficult for hackers to get through them all. A robust email security system is not only important to protect your computer and information from destruction, hacking, and theft, but also to protect your clients and friends if you do get hacked.

    We sell and use Proofpoint Essentials for Email Security. Here are some of the features and our default setup. You may need to adjust some of these, but these are our defaults. You may need more or less protection. For example, we could quarantine any email that fails an SPF check rather than flag it. We chose this as a default so that users could see what was happening and take appropriate action with colleagues if needed.

    Incoming

    • SPF – SPF is a mechanism used to authorize internet servers to send email for a domain. If a domain like domain.com authorizes mail.domain.com to send email and an email from that domain comes from somewhere else, we will flag the email with a “Spoofed sender” tag in the subject. You should be careful about opening this email. If you know where it is coming from, you might want to inform the sender that their email SPF record has a problem and the email administrator needs to get it corrected.
    • DMARC – DMARC is similar to the SPF above but is used to verify the reply address rather than the sender address. The same action is performed. We will add “DMARC Failed” to the subject and, again, be careful opening it.
    • DKIM – DKIM is a method to lock the contents of an email and ensure it has not been altered. An email that fails this check will also be flagged with the subject message “Warning DKIM failure”.
    • Virus and Malware. All viruses and malware will be quarantined and can only be released by an administrator.
    • Filtering rules. We can create custom filtering rules that can redirect, quarantine, or take other actions based on several parameters.
    • Safe Senders. You can have individual or group safe senders that bypass SPAM, SPF, DKIM, and DMARC checks. They will not bypass virus and malware checks.
    • Blocked Senders. Blocked senders are quarantined immediately without being checked.
    • SPAM – I personally hate leaving the decision about whether an email is spam or not; it is scary. Our spam filter has adjustable sensitivity from 1 to 22. Any email flagged as SPAM can be quarantined or flagged.
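
The incoming defaults above can be modelled as a short decision function. This is an added example, not Proofpoint's code or configuration: the function names, the bracketed tag format, the `mx.example.net` gateway name and the sample message are assumptions, and the authentication verdicts are read from the `Authentication-Results` header written by the receiving gateway.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Subject tags quoted from the page; wrapping them in brackets is an assumption.
TAGS = {"spf": "Spoofed sender", "dmarc": "DMARC Failed", "dkim": "Warning DKIM failure"}
# Only results stamped by our own gateway are trusted (constructed name).
TRUSTED_AUTHSERV = "mx.example.net"

def auth_results(msg):
    """Collect spf/dkim/dmarc results from trusted Authentication-Results headers."""
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        # The authserv-id is the first token; headers from other hosts may be forged.
        if header.split(";", 1)[0].strip().lower() != TRUSTED_AUTHSERV:
            continue
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header.lower()):
            if results.get(method) != "fail":  # a recorded fail is never overwritten
                results[method] = result
    return results

def classify(raw, safe=(), blocked=(), malware=False):
    """Return (action, subject) following the page's default order of checks."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    subject = msg.get("Subject", "")
    if sender in blocked:        # blocked senders: quarantined without being checked
        return "quarantine", subject
    if malware:                  # safe senders do not bypass this check
        return "quarantine-admin-release", subject
    if sender in safe:           # safe senders skip the SPF, DKIM and DMARC checks
        return "deliver", subject
    verdicts = auth_results(msg)
    failed = [TAGS[m] for m in ("spf", "dmarc", "dkim") if verdicts.get(m) == "fail"]
    return "deliver", "".join(f"[{t}] " for t in failed) + subject

# Constructed sample: the second header comes from an untrusted host and is ignored.
SAMPLE = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=domain.com;
 dkim=pass header.d=domain.com; dmarc=fail header.from=domain.com
Authentication-Results: other.invalid; spf=pass; dmarc=pass
From: Billing <billing@domain.com>
Subject: Invoice attached

body
"""

if __name__ == "__main__":
    print(classify(SAMPLE))
```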

    Outgoing

    • Encryption
    • SPAM
    • Virus and Malware

    Training

    • Courses
    • Real time exercises. We can send
  • KeePass Password Manager

    KeePass is the password manager I use. Here are some tips and help getting it setup and useful.

    First, I like to install it with Ninite. Go to https://ninite.com/. Under Other, check KeePass.

    Save the installer if you like. I keep it to do upgrades.

    Now that KeePass is installed.

    Keywords: keepass, keypass.

  • Third Party Patching On Your PC.

    I currently use and resell Ninite Pro. Here is a list of possible alternatives.

    • Ninite Free
    • Ninite Pro
    • SUMo Pro
    • Patch My PC