RE: Patch testing

• Previous message: Chris Lynch: "RE: Patch testing"
• In reply to: Chris Lynch: "RE: Patch testing"
• Next in thread: Avleen Vig: "Re: Patch testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <lynch00@cox.net>
Date: Mon, 25 Aug 2003 13:27:22 -0400

The NT 4 security roll-up caused issues with certain Compaq array controllers. It's certainly not a recent patch, but it illustrates that hardware can be an issue.

Brian DeLine
Information Security Architect
Herman Miller, Inc.

                                                                                                                                                                       
                      "Chris Lynch"
                      <lynch00@cox.net> To: "'Kurt Seifried'" <bt@seifried.org>, "'Todd Schubert'" <todd@toddschubert.com>, <focus-ms@securityfocus.com>
                                               cc:
                      08/24/2003 02:17 Subject: RE: Patch testing
                      PM
                      Please respond to
                      lynch00
                                                                                                                                                                       

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This has been our advice to our clients. But, in the respect, we have
changed out views, and are telling our clients that having a test lab setup
is a good thing. Now the question here was "how important is it to have the
test servers running the same types of hardware as the production
environment?" I would have to say next to zero. We are going as far as
recommending Vmware for test labs. All you need to do is to replicate the
services you are providing (Email, directory, file and print, SQL, Oracle,
etc). Hardware doesn't come into play. I haven't seen a hotfix that has
been released lately by Microsoft that would resolve an issue with a
hardware vendor.

I would say that you would be pretty safe to get some workstations, or
clones, install Vmware, and test away.

This isn't a product light for Vmware, but rather virtualization computing.

Chris Lynch
Senior Network Engineer
Axcent Solutions, Inc.

-

---------------------------------------------------------------------------
KaVaDo provides the first and only integrated Web application scanner and
firewall security suite that prevent Web applications attacks, the most
common form of online exploitation. Download a FREE whitepaper on Security Policy Automation for Web Applications.
http://www.securityfocus.com/sponsor/KaVaDo_focus-ms_030818
---------------------------------------------------------------------------

• Previous message: Chris Lynch: "RE: Patch testing"
• In reply to: Chris Lynch: "RE: Patch testing"
• Next in thread: Avleen Vig: "Re: Patch testing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]