On client systems and virtual machines (prologue)

I think almost every techy guy has at least one “client” for which they do some sort of consulting work. Either it's charity work for friends/family/church/whatever, or they know a guy who knows a guy who’s willing to pay a little bit to have something done.

And the great bane of these kinds of clients is that you set their environment up for them, and then leave it alone. Maybe you check the logs every now and again, maybe not. And who knows what you (or they) have put on it. Sure, it was the latest version… let's see… when was that… oh gosh! almost a year ago… and nothing's been updated!

You get a call. There have been odd huge traffic spikes… or the machine has been used to send out spam… or something… This is when the sky darkens. The clouds roll in. And that sinking feeling — like you might be too late — sets in. There are huge gaping holes in this machine… somewhere… And there’s someone else lurking in this silent house. All of a sudden there's a lot of work to be done… and while you weren't paid enough to sit on this thing and check for updates in every piece of software you did (or didn't) know about… suddenly this is your fault and you get to fix it.

But… Where to begin… And how to mitigate this kind of damage in the future?