Re: Patch testing

From: Kurt Seifried (bt_at_seifried.org)
Date: 08/21/03

  • Next message: Matt Brei: "Re: Patch testing" 
    To: "Todd Schubert" <todd@toddschubert.com>, <focus-ms@securityfocus.com>
Date: Thu, 21 Aug 2003 13:27:34 -0600

    > Along the same lines...if you do have the resources to deploy some test
    > servers but not to recreate every type of server in the enterprise (dc,
    > web, exchange, certificate authority, db...) how should you go about
    > setting up the test servers? Is there a specific area that should be
    > focused on? Also how important is it to have the test servers running
    > the same types of hardware as the production environment?

    My (likely obvious) advice: get good backup software that can do a full
    system backup and restore to bare metal (in case the patch kills windows) as
    well as something to backup any data that changed (i.e. database
    transactions, certificate changes/etc), these will likely be application
    specific. Then if the new patch does something bad you have a chance of
    backing out.

    Kurt Seifried, kurt@seifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/

    ---------------------------------------------------------------------------
    KaVaDo provides the first and only integrated Web application scanner and
    firewall security suite that prevent Web applications attacks, the most
    common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
    http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
    ---------------------------------------------------------------------------

  • Next message: Matt Brei: "Re: Patch testing"

    Relevant Pages

    • Re: Patch testing
      ... In my SMB arena we post into community newsgroups and ask others what their results have been and get a "community" ... > servers but not to recreate every type of server in the enterprise (dc, ... Download a FREE whitepaper on Security Policy Automation for Web Applications. ...
      (Focus-Microsoft)
    • Normal setup for Web page, web service, firewall secured database?
      ... I think this is a fairly normal situation; outside the firewall are ... two servers, one containing the various web applications that in this ... aspnetdb userid along with the request to the webservice and use the ...
      (microsoft.public.dotnet.framework.aspnet.security)
    • Re: Patch testing
      ... servers but not to recreate every type of server in the enterprise (dc, ... >firewall security suite that prevent Web applications attacks, ... Download a FREE whitepaper on Security Policy Automation for Web Applications. ...
      (Focus-Microsoft)
    • Form Authentication Across Web Servers
      ... I have a two ASP.NET2.0 Web applications which are published/deployed ... on two different servers. ... Users of these website can switch between these website as per ... Form authentication is being used to authorize user. ...
      (microsoft.public.dotnet.framework.aspnet)
    • Re: Next openSUSE
      ... That will not do because I add the new stuff on the backup drive. ... I take pieces (directory trees) and copy them manually. ... I would have had to use free servers of pay for, ... My guess is that CSS or whatever is causing this bug. ...
      (alt.os.linux.suse)