Re: Patch Management on Critical Servers (Healthcare)
- From: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx>
- Date: Tue, 09 May 2006 12:11:49 -0700
"If" you have the resources.. if you don't and are not bound by regulations, SOX, Hipaa and what not... that "test" can be merely a "canary" of a user on your network before you roll that patch out to the rest of the network.
As you well know... as the firm size gets smaller... "segregation of duties" sometimes have to have alternative options to get the same job done.
Even though I do the best I can testing on a test network..there are times that I don't find stuff out until it hits the real network because unless I have cloned the server, the workstations, the applications, the data, and especially the users... I cannot duplicate exactly my network.. Thus ..even as good as you test... realize that there will be gotchas that you have to deal with.
BTW three patches today... one on Exchange and iCals looks fun... affects Blackberry devices as well in the permission settings that it changes.. read those bulletins... read those "caveat" sections.
Chris Dalton wrote:
Some key items to remember is that testing of the patch must be done in a separate environment from production.
The test system must be at the same level as production.
Production data must not be used in testing
There must be a proper segregation of duites between those who test and those who move into production.
Chris G. Dalton C.P.A.
Corporate Audit Services
Capital One Financial
1-504-533-6419 phone
1-504-533-2355 fax
I'm a fan of Shavlik.... not only from the standpoint of their product..but their 'community help' posture as well. They run the patchmanagement.org listserve that discusses patch management platforms and patching issues. (Check out www.patchmanagement.org)"Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@xxxxxxxxxxx> 05/08/06 4:44 PM >>>
Honestly.. it's the process of change management that is the hard part, I think..the testing and the approval process. No matter what patch tool you chose will have it's nuances that you get used to.
Why do I like Shavlik?
Because it just shows me the patches I need in a nice format unlike WSUS which has a confusing UI.
Because it works.
Because it has additional features like 'reboot before patching', Office local install source, and will patch things beyond MS in my network.
Jim Stagg wrote:
On this topic, I'd love to hear from some of the non-WSUS Microsoft server
folks are doing. I've heard a lot about BigFix, Patchlink, St. Bernard, SMS,
GFI et al. Has anyone found a product that works reliably?
--
Jim Stagg, Systems Administrator
-----Original Message-----
From: Renee Peters [mailto:reneep@xxxxxxxxxxxxxxxxxxxx] Sent: Monday, May 08, 2006 10:41 AM
To: beinm@xxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx Subject: RE: Patch Management on Critical Servers (Healthcare)
Last year, our college campus was hit with an unclassified virus. After the hours it took to manually run around and patch 1000+ computers, our upper management finally approved a WSUS server. Knock on wood, it has run beautifully, and keeps our desktops and servers patched. As far as actually getting the updates applied and rebooting, we have standard times posted that the server may be unavailable due to routine maintenance. After last year's scare, everybody seems to be OK with this slight inconvience. We aren't regulated as much as the healthcare field, but do still have standards to meet for state and federal funding. As long as the president of the college supports our practices, we don't have much to worry about.
Renee
Network Manager
-----Original Message-----
From: beinm@xxxxxxxxx [mailto:beinm@xxxxxxxxx] Sent: Monday, May 08, 2006 8:02 AM
To: focus-ms@xxxxxxxxxxxxxxxxx Subject: Patch Management on Critical Servers (Healthcare)
Hello
I'm just curious to hear how people in the field have been handling patch management with critical servers. Have you setup maintenance windows? If, so how did you manage the down time? What have people been doing if the device or server has an approved FDA configuration? Are you using thing like WSUS?
Thanks,
Matthew
Security Engineer
--------------------------------------------------------------
----------
---
--------------------------------------------------------------
----------
---
--------------------------------------------------------------
-------------
--------------------------------------------------------------
-------------
* Letting your vendors set your risk analysis these days? http://www.threatcode.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
--
Letting your vendors set your risk analysis these days? http://www.threatcode.com
---------------------------------------------------------------------------
---------------------------------------------------------------------------
- References:
- RE: Patch Management on Critical Servers (Healthcare)
- From: Jim Stagg
- Re: Patch Management on Critical Servers (Healthcare)
- From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
- Re: Patch Management on Critical Servers (Healthcare)
- From: Chris Dalton
- RE: Patch Management on Critical Servers (Healthcare)
- Prev by Date: RE: Patch Management on Critical Servers (Healthcare)
- Next by Date: Re: USB device installation problem
- Previous by thread: Re: Patch Management on Critical Servers (Healthcare)
- Next by thread: RE: Patch Management on Critical Servers (Healthcare)
- Index(es):
Relevant Pages
|
Loading
