RE: Patch testing
From: Chris Lynch (lynch00_at_cox.net)
Date: 08/24/03
To: "'Kurt Seifried'" <bt@seifried.org>, "'Todd Schubert'" <todd@toddschubert.com>, <focus-ms@securityfocus.com>
Date: Sun, 24 Aug 2003 11:17:43 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This has been our advice to our clients. But, in the respect, we have
changed our views, and are telling our clients that having a test lab setup
is a good thing. Now the question here was "how important is it to have the
test servers running the same types of hardware as the production
environment?" I would have to say next to zero. We are going as far as
recommending VMware for test labs. All you need to do is to replicate the
services you are providing (Email, directory, file and print, SQL, Oracle,
etc). Hardware doesn't come into play. I haven't seen a hotfix that has
been released lately by Microsoft that would resolve an issue with a
hardware vendor.
I would say that you would be pretty safe to get some workstations, or
clones, install VMware, and test away.
This isn't a product light for VMware, but rather virtualization computing.
Chris Lynch
Senior Network Engineer
Axcent Solutions, Inc.
- -----Original Message-----
From: Kurt Seifried [mailto:bt@seifried.org]
Sent: Thursday, August 21, 2003 12:28 PM
To: Todd Schubert; focus-ms@securityfocus.com
Subject: Re: Patch testing
> Along the same lines...if you do have the resources to deploy some
> test servers but not to recreate every type of server in the
> enterprise (dc, web, exchange, certificate authority, db...) how
> should you go about setting up the test servers? Is there a specific
> area that should be focused on? Also how important is it to have the
> test servers running the same types of hardware as the production
> environment?
My (likely obvious) advice: get good backup software that can do a full
system backup and restore to bare metal (in case the patch kills Windows) as
well as something to back up any data that changed (i.e. database
transactions, certificate changes/etc), these will likely be application
specific. Then if the new patch does something bad you have a chance of
backing out.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://seifried.org/security/
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: Public PGP key for Chris Lynch
iQA/AwUBP0kBRm9fg+xq5T3MEQI6FwCfTfo4X4z3uJRgnl8cqFnTRJmFvEAAoL4d
OlG7ZyL5kOuBJeh1t5Cpox4o
=g8xE
-----END PGP SIGNATURE-----