Re: Patch testing

From: Kurt Seifried (bt_at_seifried.org)
Date: 08/21/03

    To: "Todd Schubert" <todd@toddschubert.com>, <focus-ms@securityfocus.com>
    Date: Thu, 21 Aug 2003 13:27:34 -0600
    
    

    > Along the same lines...if you do have the resources to deploy some test
    > servers but not to recreate every type of server in the enterprise (dc,
    > web, exchange, certificate authority, db...) how should you go about
    > setting up the test servers? Is there a specific area that should be
    > focused on? Also how important is it to have the test servers running
    > the same types of hardware as the production environment?

    My (likely obvious) advice: get good backup software that can do a full
    system backup and restore to bare metal (in case the patch kills Windows) as
    well as something to back up any data that changed (i.e. database
    transactions, certificate changes, etc.); these will likely be
    application-specific. Then if the new patch does something bad you have a
    chance of backing out.

    Kurt Seifried, kurt@seifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/
