Re: Patch testing

From: Kurt Seifried (
Date: 08/21/03

  • Next message: Matt Brei: "Re: Patch testing"
    To: "Todd Schubert" <>, <>
    Date: Thu, 21 Aug 2003 13:27:34 -0600

    > Along the same lines...if you do have the resources to deploy some test
    > servers but not to recreate every type of server in the enterprise (dc,
    > web, exchange, certificate authority, db...) how should you go about
    > setting up the test servers? Is there a specific area that should be
    > focused on? Also how important is it to have the test servers running
    > the same types of hardware as the production environment?

    My (likely obvious) advice: get good backup software that can do a full
    system backup and restore to bare metal (in case the patch kills windows) as
    well as something to backup any data that changed (i.e. database
    transactions, certificate changes/etc), these will likely be application
    specific. Then if the new patch does something bad you have a chance of
    backing out.

    Kurt Seifried,
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574

    KaVaDo provides the first and only integrated Web application scanner and
    firewall security suite that prevent Web applications attacks, the most
    common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.

  • Next message: Matt Brei: "Re: Patch testing"