RE: Patch testing

From: Chris Lynch (lynch00_at_cox.net)
Date: 08/25/03

    To: "'Joseph Migliozzi'" <jpmigliozzi@m3tc.com>, "'Kurt Seifried'" <bt@seifried.org>, "'Todd Schubert'" <todd@toddschubert.com>, <focus-ms@securityfocus.com>
    Date: Mon, 25 Aug 2003 11:07:11 -0700
    
    
    

     
    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    This is all true. But I haven't seen any patches or service packs for
    Windows 2000 lately that had a fix for a hardware problem. But that's
    not to say one doesn't exist. You always need to do some research to
    find out what the hotfix/service pack is supposed to address.

    I was just offering a different approach than to spend a lot of money
    for replica equipment to test hotfixes/service packs. VMware is a
    great alternative.

    ________________________________

    From: Joseph Migliozzi [mailto:jpmigliozzi@m3tc.com]
    Sent: Monday, August 25, 2003 10:52 AM
    To: lynch00@cox.net; Kurt Seifried; Todd Schubert;
    focus-ms@securityfocus.com
    Subject: RE: Patch testing

    I would agree that testing on a replica of production equipment is
    expensive. However, if some of you remember, MS released the Windows
    NT 4 Security Roll Up patch that caused Compaq servers with an old
    version of the SSD to blue screen. I wouldn't have thought to install
    the latest driver package for a roll up patch, a service pack yes. Of
    course the way to avoid this type of problem is to keep your drivers
    current. In my world I tend not to mess with drivers unless I am
    fixing a bug. I don't upgrade drivers on production equipment just
    for fun.

    In short it doesn't hurt to try out hotfixes on replica equipment if
    you can afford it. You could always check the manufacturer's website
    before deploying patches as well to verify no driver / hotfix
    conflicts.
     
    Joe
     
    M3 Technology Consulting, Inc.

    ….Computer and Network Services for your Growing Business….

    Joseph P. Migliozzi

    President

    Email: jpmigliozzi@m3tc.com

    Office: (703) 815-0070

    Mobile: (703) 863-2537

    ________________________________

    From: Chris Lynch [mailto:lynch00@cox.net]
    Sent: Sun 8/24/2003 2:17 PM
    To: 'Kurt Seifried'; 'Todd Schubert'; focus-ms@securityfocus.com
    Subject: RE: Patch testing
             

    - -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    This has been our advice to our clients. But, in the respect, we have
    changed our views, and are telling our clients that having a test lab
    setup is a good thing. Now the question here was "how important is it
    to have the test servers running the same types of hardware as the
    production environment?" I would have to say next to zero. We are
    going as far as recommending VMware for test labs. All you need to do
    is to replicate the services you are providing (Email, directory, file
    and print, SQL, Oracle, etc). Hardware doesn't come into play. I
    haven't seen a hotfix that has been released lately by Microsoft that
    would resolve an issue with a hardware vendor.

    I would say that you would be pretty safe to get some workstations, or
    clones, install VMware, and test away.

    This isn't a product light for VMware, but rather virtualization
    computing.

    Chris Lynch
    Senior Network Engineer
    Axcent Solutions, Inc.

    - - -----Original Message-----
    From: Kurt Seifried [mailto:bt@seifried.org]
    Sent: Thursday, August 21, 2003 12:28 PM
    To: Todd Schubert; focus-ms@securityfocus.com
    Subject: Re: Patch testing

    > Along the same lines...if you do have the resources to deploy some
    > test servers but not to recreate every type of server in the
    > enterprise (dc, web, exchange, certificate authority, db...) how
    > should you go about setting up the test servers? Is there a specific
    > area that should be focused on? Also how important is it to have the
    > test servers running the same types of hardware as the production
    > environment?

    My (likely obvious) advice: get good backup software that can do a full
    system backup and restore to bare metal (in case the patch kills
    Windows) as well as something to back up any data that changed (i.e.
    database transactions, certificate changes/etc.); these will likely be
    application specific. Then if the new patch does something bad you
    have a chance of backing out.

    Kurt Seifried, kurt@seifried.org
    A15B BEE5 B391 B9AD B0EF
    AEB0 AD63 0B4E AD56 E574
    http://seifried.org/security/


    - -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0
    Comment: Public PGP key for Chris Lynch

    iQA/AwUBP0kBRm9fg+xq5T3MEQI6FwCfTfo4X4z3uJRgnl8cqFnTRJmFvEAAoL4d
    OlG7ZyL5kOuBJeh1t5Cpox4o
    =g8xE
    - -----END PGP SIGNATURE-----


    -----BEGIN PGP SIGNATURE-----
    Version: PGP 8.0
    Comment: Public PGP key for Chris Lynch

    iQA/AwUBP0pQTm9fg+xq5T3MEQI1DwCdF4UJMhpXNK7ZK6lP3lWvArmbGscAoKsp
    7qz8DydcmKRsNbt5XewZB/8y
    =tARS
    -----END PGP SIGNATURE-----

    
    
