Re: Changes in IDS Companies?

From: J. Foobar
Date: 10/31/02

Date: Thu, 31 Oct 2002 00:05:04 -0800 (PST)
From: "J. Foobar"
To: Aaron Turner

To elaborate even further on your points here, which I
agree with:

The primary responsibility of your average
Solaris/Linux/NT admin, both as they and as management
see it, is not to keep their boxes secure.

*gasp* *shocked look*

The frequency with which some of the major OSes have
new patches released, especially Solaris just lately,
is enough to create somewhat of a boy-who-cries-wolf
condition in almost anyone.

Plus, these servers are not just base OSes running
nothing else. They are there for a reason, usually to
offer one or more application-based (often 3rd party
apps) to internal or external customers.

OS patches can break stuff. Admins know it, and they
are cautious and deliberate about applying them (at
best). If they rightfully insist on careful testing
of patches on lab machines and if this activity only
relates to a secondary job responsibility (security)
and they are already overworked to begin with, this
translates into weeks and weeks before these patches
get installed on production systems.

We make sure that the admins, and their management,
know about new relevant security vulnerabilities via
an internal advisory email distrib list.

--- Aaron Turner wrote:
> I've never met any admin of any OS (Solaris, Linux, Windows mostly) who
> claimed that he/she had patched all of the servers within 24 hours of a
> patch on a regular basis. Most wouldn't even claim 7 days or even a few
> weeks. Is this best-practices? Not even close. Is it the reality?
> Absolutely, especially since most companies don't have their IT group
> fully staffed due to the economy.
