Getting Started With MSP & IT Documentation, Best Practices, Tips & Tools

Captions
Tom here from Lawrence Systems, and I'm joined by John Hammond from Huntress. How you doing, John?

I'm all right, Tom, how are you?

We are starting a new series here, uh, working with the team at Huntress, and me and John. He's also a fellow creator, look him up, does a lot of great videos diving into a lot of security stuff there, and, uh, some deep dive, which really I think my audience, your audience and the Huntress audience all really wants. We're going to get technical here, but before we get technical, the first series in this episode is going to be about documentation. And, uh, this came up the other day. Uh, I, I actually tweeted, I, I don't like calling it vague tweeting, but obviously I can't talk in detail about client personal information, but basically a client was hit with Ryuk. Not one of ours, we got called in because they were hit. And I had posted that my favorite Mike Tyson cyber security quote, "Everybody has a plan until they get hit in the face." Um, I just love that statement because it's true, because it, dealing with it head-on is very hard, and it was exasperated by this particular larger enterprise that had a lack of documentation. So we're going to talk today about documentation. It's important. It is the most boring part of IT, is why everyone doesn't want to do it, but it is also absolutely critical when you as a third party come in there and start asking questions like, what are we going to do to work on this, and where are the servers, how are they connected, and there's, uh, someone grabs a magic marker and just starts drawing. I'm like, oh boy, I was hoping, I understand the documents are encrypted now, but I was hoping someone had something. Nope, we didn't even have it. It's not even encrypted, we just didn't, we just kept building over the last X years of our existence, and, um, we just have heads, people that all know, and part of the training was the, you, you, the new people to start digging in, which is, oh my gosh, he's not ideal, right?

Yeah, I mean, like, if it's just stored up here, like if it's all
in your head, one day, uh, it might not be there anymore, or that person might be gone. So it's really, really important to have all this stuff kind of written down, documented, archived somewhere, somehow, so people can get into it. Uh, I know when we always, like, open the problems, like, hey, we have to have documentation, we have to have procedures and policies and stuff, it's really hard to solve that problem because there's a lot to think about, and we wonder, like, okay, what do we need to document, or how? Because sure, we've got to keep track of assets, our inventory, network data flow, stuff like that, what happens when X occurs, whatever the case may be. Yeah, that's a lot of stuff to kind of, like, figure out. Uh, so I will offer a shout out and some love to the Blue Team Field Manual. Personally, I think this thing is fantastic. There's a lot of great stuff, both tech and non-tech, in here, but if you check out, like, just one of the first pages, they'll talk about some key documents that you, like, absolutely should have: organization chart, network diagrams, data flow diagrams, critical assets, incident, incident response plan, business continuity, disaster recovery. Just stuff, ideas, kind of written down so you'll know how to respond when stuff hits the fan.

Yeah, and this is one of those, you know, immediate things, is when I started helping them with the chart, I said, hey, we gotta, we gotta find out who your HR person is. Like, you're a tech guy, why you care about HR? I said, probably someone's gonna notice the businesses cease to function as normal business. Probably HR and legal will want to discuss what the employees internally need to handle and how it externally will affect your clients. So, you know, there's a lot of things in there that don't sound technical, but it's just making sure that everyone knows where everyone is. That's why org chart gets mentioned in a Blue Team Field Manual. You got to know who's responsible for what. Uh, now, since we started with cyber security, let's talk about cyber security controls,
probably the first things you really should work on getting documented. And we have a few things pulled up here, so let me jump over to one of my other desktops. And before we jump all the way into the NIST incident response, we're going to leave links and show notes to all this too, which, this is a good one too. Uh, this is actually a pretty short one, and I think, what we say, there's 70, yeah, 79 pages of how to handle some of the incidents.

Kind of, 79 as in, as in short?

Yeah, as in short. Look, authority and publications and boilerplate stuff that you don't really need to read, you can skip down. Acknowledgements of who included all this, that's great. Introductory, and now we can actually start, executive summary, and go in here. But following some of these guides, I know it's not the best reading and maybe it'll put you to sleep, but at least if you go through these, they're really important to start understanding what structures are important from there. Now, the next side of this is going to be, what do you document after you know some of this? And the CIS Controls Navigator, this is really cool, from the Center for Internet Security.

And I love these guys. I love, I love the center for information security, like, they have internet security, they've got great hardening guides, processes to really get in the weeds on the keyboard, the tech stuff, and even this, even the high level procedure, policy, documentation, all this has to be in place.

Yeah, and I, I know a lot of IT people, part of their, uh, task, and they, they come in, they take over, and their new position is, and they realize the previous position was gone because, while they didn't document, they had a security incident, whatever reason, but they also find out that they are under compliance of one of these, like PCI DSS, or they have to follow one of these other baselines here, and they want to know what to do. Well, they, it is a daunting task if they're starting at zero for documentation. So if you're PCI DSS, or you want to fire, follow the, um, MITRE ATT&CK
framework, or in this one, so you can just check these boxes and start. We can go check all if you want to go crazy, or just apply certain filters for uncheck all, but you figure out what things actually apply to you. And what this does when you're done, we'll do the full one here, we hit export, it's going to think, so we have a lot of stuff in there, and here is an Excel file that you can start putting all the controls in here, and it tells you what you need in here. And I open it up in LibreOffice because I'm using Linux, but I think it comes up a little prettier in Excel. But you can go through here: users, what do you need to do, default passwords, before deploying any new asset change all default passwords. What these are is, it starts creating check boxes for you to do, so you can start labeling these, create a legend, create some color coding of what has been done, what hasn't been done. It's all written out here with titles and descriptions that are all in plain English, and it's a good way to start getting there. And it's, you can also dubbing this up, so based on the asset type, device, physical layers or applications, and decide who needs to be assigned to what. You know, maybe you're in charge of the network, but maybe there's some work in here for some of the HR people to make sure things are done as well. Um, because everyone kind of has a role to play when it comes to deploying security at a company. The, the end users are, are not immune from this. Matter of fact, they're kind of like the front line operators, aren't they? They're the ones that usually are the most likely to have clicked on something, uh, to let things in. So making them a participant in this security assessment, and having these type of things just laid out for you, is great, because this can be that base document before you start doing it, and you've seen how quick it was to create a document like that.

I love the fact that it's in Excel, and that's not to say, like, okay, great, using Microsoft Excel is kind of the solution,
but that's really, really portable. Like, there's, so there's less of a barrier of entry on that, because maybe not everyone has, okay, Microsoft Office 365 Excel, but you could transform that into a comma separated value file. Like, it can be plain text if for whatever reason you need it to be, or you can load that up in, like, Google Sheets and it can become a collaborative document, and you can add more to it, and that's accessible really from anywhere that's on the internet. And I mean, you'll have to make sure that's kind of kept to your own archives and your own library, but there's a lot of ease of use and ease of access in that.

That's one of the things I preached a lot, was, um, people message me all the time, "Hey Tom, will you cover this unique piece of software in a channel?" I'm like, one of the problems you run into is that accessibility and cross-compatible with either third party or internally, making it easy for everyone to access. Um, I mean, setting up, I can't remember the name of it, someone has some that runs in Docker that's got some complexities set up that's supposed to help automatically map your network and then create all this thing, then every user has to create a login. And I know, as someone managing things, how many more things that need logins and passwords to manage do I need? Get an Excel document. Whether you're using Google Suite, which is my preference, or, and we have a lot of clients using Office 365, you can still do collaborative document sharing there. You get the document located within your Office 365 environment, you get the document shared, now people can work on it, and just generally speaking, most end users can use Excel, or at least hopefully can if they're, if they're working in an office level position. So, you know, making the data accessible, I think, is first where you start. Maybe later you find something very niched in, like, if you are specifically managing a data center, okay, you have a different need than an IT person in a business. There's a, those are, I'll admit,
maybe you do need specialized software because your day-to-day operations is running Azure. But if you're not running Azure, you're not working at a large data center, you are more run-of-the-mill, going to run standard IT, uh, finding the most accessible levels of documents is gonna be more helpful to the progress of your work. Also, you don't wanna be the only one doing it. Trust me, that is never, that's, that's an instant failure, because you will not have time. The more you can break out and delegate is going to be better.

Yeah, have a team.

Now I will talk about, uh, one more thing here, and before I pivot over to a little, another tool that I really like for documentation, which is going to be, whoop, I close, did I close my Excel document? No, I have this in Google Sheets, but this started as an Excel document. So my company does a lot of infrastructure builds, and Excel is also the common language we get to speak between the companies that hire us to build infrastructure at the remote locations. And this particular project has some weird naming, because this is a company, I believe they're based out of Vegas, we're here in Detroit, but these are how they send us the documents, how to build their Detroit office. They have offices all over the place. And one of the advantages of doing this and throwing this Excel document in Google Sheets, again, this is a rack, there's so many U's that a rack has, where do the horizontal stuff go, and this is that physical layer documentation: what is in each section of the rack, what goes in there. Now, we were only building infrastructure. They actually have a whole separate, uh, racks that went for their, uh, servers that were kind of pretty. I don't have a copy of them, we just happened to see them because someone else was, they sent their team in to rack the servers, but the same thing, they would put what's in, like, they had a 4U storage server, uh, they had some things like the triple a council server that was in here, one new horizontal rack manager. Once again, why was all this
in Excel? Because people building infrastructure, we're at the point where there's no internet in this building. Matter of fact, the lights were kind of dangled by electricians because electrical wasn't finished, because we're there at the construction phase. This is a physical new build out. Uh, so having this on a phone or a tablet with, um, internet access, because like I said, the building doesn't have it, and putting in how this stuff goes, it's that barrier of communication being eliminated for being able to do this. And this is their, uh, fec war MDF rack and fec war, uh, IDF, so there was two different locations, primary and then the intermediary IDF system here, and a lot of these were open. Uh, well, this is actually how it ended up. They sent us something different, we actually had to move things around because it wouldn't fit, but easily edited on the phone. Back to that low barrier of entry.

So this is awesome. Yeah, it's just simple.

Exactly.

Like, this is it, it keeps it simple, it keeps it easy. It doesn't have to be, like, over engineered or complex. You don't need an incredible elegance, just, you got to write it down. You just have to have it. You have to, you have to go through these CIS controls, you have to go through this NIST framework guide. The onus is kind of on you just to make sure that we have some idea, and it's concrete and established as to what we have and where it is and how it lives. This is awesome, this is a great simple solution.

And one thing that's really important, um, and this is my, my previous days, I worked as corporate IT for a transportation provider that worked in the automotive sector, and so we had to do, if you're not familiar with it, ISO documentation. And one thing that was, like, you would fail your ISO is you didn't put the date for everything, because everything has a date. And that's actually really important, because this is how documentation gets out of date. Because if you remember you added a new server or something, but you look at the date you add the server and the
date of the documentation, you know it's wrong. I can't, if you ever have to print these, it's easy enough to see the revisions inside of here because it keeps a revision history, I can just go version history, blah blah blah. But when you print any of these, which, by the way, do it, because back to my very first statement about things being encrypted: if they would have had all those documents but they would have been encrypted, they wouldn't have had all those documents. So it is, at least somewhere in the server rooms, print these out, but make sure you put a date on them or write a date on when they're printed, so you know that's the time of life with this.

Now, over here, I've done a whole video on diagrams.net, formerly called draw.io. They did some name changing, but the software's the same. This is free, open source, embeddable in Confluence, for those of you that are doing things in Confluence, embeddable in a lot of different formats. But what this allows you to do is, without having to pay any license fees, also makes it easily shareable because it's free, via the web version, via download version, you can easily share diagrams and documents with people. I, I mentioned it, I mean, I know I was a long time Visio user, so I, I realized Visio is probably kind of the gold standard out there, but still, not everybody has it. The nice thing about this, uh, it's easy for everyone to have it and start speaking the same language very quickly. Matter of fact, without loading anything, they can open up in a web browser and upload your diagram and start editing it and send it back to you. Um, they don't need to install anything. Matter of fact, we'll go a step further, and I have this in my demo, you can export these to, like, a PNG file, so it's just like a graphic, but then it's, it's shadow embeds in there the, um, XML to recreate it, so you can actually open it, import the PNG, and if it was created with draw.io, it pulls it back out and re-assesses it.

And this looks like it's great for just, like, network diagrams, data flow
diagrams, anything that you just need to draw out like this. This looks like an easy and awesome solution.

Yeah, really easy to use. It's free, so low barrier of entry. You don't have to go seek approval to get this integrated into your network, it doesn't have any ongoing license fees, it's all open source. Um, and, you know, things like this, this is the lab, uh, is this my lab one? Yeah, well, no, this is actually one of my other ones. But start first breaking down what are these servers, what's on these servers, and things like that, so I know and have documentation. And then I print this, and it's actually, you know, taped inside my server rack. That way, if the lights are out because some catastrophic explosion happens, at least we know what servers are which, what's on them, why they're critical. So that's what the servers are listed here, and some of the basics. Uh, this one here is just one of their templates, but it shows, like, a VMware with a disaster recovery site deployment, how you would tie these kind of through when. And in terms of being able to create, um, templates, it's hard starting in a blank sheet. It's just one of those, you stare at it. And we'll hit create new diagram, and I'll only drag this over to the right screen, file, new, back to, we said, uh, well, cloud, flowcharts here.

Oh, and they already have a ton of examples, right? They already have a good, good handful of templates you could use to work with.

Yep, lots of different types of charts that you can use here. Uh, network charts, other charts, different type of groupings for things, and it's really nice once you start with some of these. Makes life so much easier, even if it's just a basic, uh, we mentioned org chart, right here, create. Now, kind of a fun thing when you're creating these: it does allow you to embed links, email links and everything else, just like Visio does. I know that's a popular feature, being able to have all that. Um, and I've seen someone do some really slick ones. Some of our clients have taken the time to do this: when they're
documenting the servers, they hyperlink, like, the iDRAC controllers in there, so each one you click on for that server, it launches you to the iDRAC page for when you're documenting servers. Um, that's just handy when you want to, like, I need to get into the server, I first need to identify the server, oh no, how do I get to the iDRAC, I have another IP list. Or just put hyperlinks to all your servers inside your draw.io file. Like, don't overthink it. And then once you embed this, there's an option to embed this as HTML and obviously make it that much easier. And back what I said earlier, Confluence and things like that, you can put it in there so it's shared with your team really easily, or just PNG files, etc., and away you go. So this is fun tool.

Well, hey, that's a, a great bundle, I think. Between network diagrams, we could use diagrams.net, sure you could do some Visio, sure you could do some, like, Lucidchart, whatever you're interested in. Uh, Excel for, hey, maybe some asset tracking, maybe some how the server rack looks. Um, and working through those, like, Center for Internet Security guides, working through those to build out checklists, build out work, disaster recovery plans, whatever you might need. There's a good amount to go through.

Yeah, but I think fast enough to get people started is, I mean, if we just sit around, talk about documentation, like I said, it's not the most exciting aspect of IT, but it is such a fundamental part, and it just makes your job easier when a disaster does occur, because you have a process, procedure, what to do. This was a well-received thing that we did on that big Huntress hackett event, uh, well, it's been a month or just a couple weeks now, I can't, I guess, yeah, it was October, so it's been a month now.

It's been a month now.

Um, you know, and the choose your own adventure was fun, but you don't really want to do that in real life when you, when you're going through, there's been an incident, now what? Choose your own adventure, what, what steps are next? Best time to think about them is
before they happen. So, uh, this was our first episode of some of these tips. I don't know if we have an exact name for these, but we'll, uh, we're working on more series of these. We do love feedback, so leave comments and everything of what, what more you like to hear from us. We will leave links in all the show notes, uh, to all the things we mentioned, of course the link to the Blue Team Handbook, the NIST guidelines, the CIS controls, and draw.io is, well, draw.io or diagrams.net. So I think they still have a redirect for draw.io. I still want to call it that because when I reviewed it, that's what it was so called.

I think so. Naming conventions, silly names.

Silly names, domains and all that fun stuff.

Well, hey, this was a blast, Tom, thanks so much, and I'm excited for us to keep chatting again.

Yep, and we have more topics, but, uh, if you have a specific topic you want to cover next, because we have a long list to go through, don't worry, if you don't say nothing we'll still come up with more. And you can check out, uh, both of us, we each have our own individual channels as well, so we're easy people to find. And, uh, thanks.

And thank you for making it to the end of the video. If you like this video, please give it a thumbs up. If you like to see more content from the channel, hit the subscribe button and hit the bell icon if you like YouTube to notify you when new videos come out. If you'd like to hire us, head over to lawrencesystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.lawrencesystems.com, where we can carry on the discussion about this video, other videos or other tech topics in general. Even suggestions for new videos, they're accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page, we have a lot of great tech offers for you. And once again, thanks for watching, and see you next time.
Info
Channel: Lawrence Systems
Views: 21,171
Keywords: lawrencesystems, managed service provider, managed services provider, managed services, msp channel, managed services providers, it support, it documentation best practices, documentation, it management, network documentation, network diagrams, network mapping
Id: z6IhdXa8zKE
Length: 19min 51sec (1191 seconds)
Published: Fri Nov 20 2020