1
00:00:00,350 --> 00:00:02,090
Let me ask you a question.

2
00:00:02,090 --> 00:00:04,140
How many applications do you have installed

3
00:00:04,140 --> 00:00:05,600
on your computer right now?

4
00:00:05,600 --> 00:00:07,560
Now, I don't mean how many are currently running.

5
00:00:07,560 --> 00:00:10,540
But how many exist on your computer in total?

6
00:00:10,540 --> 00:00:14,219
Do you have five? 50? 500? Or maybe more?

7
00:00:14,219 --> 00:00:17,080
Each application that's installed on your device

8
00:00:17,080 --> 00:00:18,669
takes up valuable disk space,

9
00:00:18,669 --> 00:00:21,710
but more importantly, it introduces additional code

10
00:00:21,710 --> 00:00:24,520
and therefore, additional vulnerabilities.

11
00:00:24,520 --> 00:00:26,930
To combat this, system administrators attempt

12
00:00:26,930 --> 00:00:29,699
to practice a concept known as least functionality.

13
00:00:29,699 --> 00:00:31,930
Least functionality is the process

14
00:00:31,930 --> 00:00:33,819
of configuring a workstation or a server

15
00:00:33,819 --> 00:00:37,240
to only provide essential applications and services

16
00:00:37,240 --> 00:00:39,280
that are required by the user.

17
00:00:39,280 --> 00:00:41,379
To create an environment of least functionality,

18
00:00:41,379 --> 00:00:43,830
administrators should restrict unneeded

19
00:00:43,830 --> 00:00:47,428
applications, services, ports, and protocols.

20
00:00:47,428 --> 00:00:49,320
Another method of doing this is

21
00:00:49,320 --> 00:00:51,888
to uninstall any unneeded applications.

22
00:00:51,888 --> 00:00:54,309
After all, every application that's installed

23
00:00:54,309 --> 00:00:57,139
on a computer must be managed, updated,

24
00:00:57,139 --> 00:00:59,178
and it provides yet another chance

25
00:00:59,178 --> 00:01:02,408
for a vulnerability to be introduced into our system.

26
00:01:02,408 --> 00:01:05,200
Now, our computers at work are often under

27
00:01:05,200 --> 00:01:07,810
a process known as configuration management.

28
00:01:07,810 --> 00:01:09,339
Most of our personal computers, though,

29
00:01:09,339 --> 00:01:12,260
have become a mess with unnecessary programs

30
00:01:12,260 --> 00:01:14,840
being installed and accumulated over time.

31
00:01:14,840 --> 00:01:17,270
For example, if you open up your Programs

32
00:01:17,270 --> 00:01:19,290
and Features section of the Control Panel,

33
00:01:19,290 --> 00:01:21,140
take a look at all of the various programs

34
00:01:21,140 --> 00:01:22,550
you have installed.

35
00:01:22,550 --> 00:01:24,160
You might be surprised at just how many

36
00:01:24,160 --> 00:01:25,680
are on your computer.

37
00:01:25,680 --> 00:01:28,470
For this example, this computer had 132

38
00:01:28,470 --> 00:01:30,280
different programs installed that took

39
00:01:30,280 --> 00:01:32,800
over 400 gigabytes of disk space.

40
00:01:32,800 --> 00:01:34,269
Looking through that list, there are a lot

41
00:01:34,269 --> 00:01:38,580
of unnecessary programs that that user could have uninstalled.

42
00:01:38,580 --> 00:01:40,850
As we previously mentioned, it's important

43
00:01:40,850 --> 00:01:43,700
to keep your programs and your software up-to-date.

44
00:01:43,700 --> 00:01:46,110
Sometimes, though, new programs are installed

45
00:01:46,110 --> 00:01:48,770
and the old version is simply not removed.

46
00:01:48,770 --> 00:01:51,450
Recently, we updated our video editing software

47
00:01:51,450 --> 00:01:56,060
from Adobe Premiere 2018 to Adobe Premiere 2019.

48
00:01:56,060 --> 00:01:57,392
After the installation was complete,

49
00:01:57,392 --> 00:01:59,540
we saw that both versions remain

50
00:01:59,540 --> 00:02:00,821
installed on the computer.

51
00:02:00,821 --> 00:02:04,123
To eliminate the vulnerabilities from the 2018 version,

52
00:02:04,123 --> 00:02:08,010
we had to go back and manually uninstall it from our systems.

53
00:02:08,010 --> 00:02:09,790
Now, this may be easy to do when you

54
00:02:09,790 --> 00:02:12,160
have a small network of just a few machines.

55
00:02:12,160 --> 00:02:13,820
But how do you do this when you're managing

56
00:02:13,820 --> 00:02:16,070
a huge enterprise network?

57
00:02:16,070 --> 00:02:18,003
For example, one network I used to manage

58
00:02:18,003 --> 00:02:22,230
had over 10,000 computers spread across four countries.

59
00:02:22,230 --> 00:02:23,560
It would have been impossible for me

60
00:02:23,560 --> 00:02:24,930
to send a system administrator

61
00:02:24,930 --> 00:02:26,940
to check the installed programs on each

62
00:02:26,940 --> 00:02:28,748
and every computer throughout the network.

63
00:02:28,748 --> 00:02:31,310
In large networks like this, preventing

64
00:02:31,310 --> 00:02:33,979
excessive installations is the best solution.

65
00:02:33,979 --> 00:02:36,480
In our corporate networks, it's common

66
00:02:36,480 --> 00:02:38,419
for us to create a secure baseline image

67
00:02:38,419 --> 00:02:42,310
that we use for all of the workstations across the company.

68
00:02:42,310 --> 00:02:43,850
This image will have the operating system,

69
00:02:43,850 --> 00:02:46,290
the minimum applications required,

70
00:02:46,290 --> 00:02:47,788
and strict configuration policies

71
00:02:47,788 --> 00:02:50,670
that are set up for all of those machines.

72
00:02:50,670 --> 00:02:52,990
These policies, though, do have to be updated

73
00:02:52,990 --> 00:02:54,499
and changed over time based on

74
00:02:54,499 --> 00:02:56,810
changing business requirements.

75
00:02:56,810 --> 00:02:58,860
We can use Microsoft's System Center

76
00:02:58,860 --> 00:03:01,549
Configuration Management or the SCCM tool

77
00:03:01,549 --> 00:03:03,730
that allows us as admins to manage

78
00:03:03,730 --> 00:03:05,828
large amounts of software across the network,

79
00:03:05,828 --> 00:03:08,340
as well as push out new configurations

80
00:03:08,340 --> 00:03:10,853
and policy updates to all of our PCs.