Re: Patching
From: Alessandro Bottonelli (abottonelli_at_libero.it)
Date: 10/20/03
- Previous message: Meritt James: "Re: POP3 passwords"
- In reply to: Alessandro Bottonelli: "Patching"
- Next in thread: Ansgar -59cobalt- Wiechers: "Re: Patching"
- Reply: Ansgar -59cobalt- Wiechers: "Re: Patching"
- Reply: gregh: "Re: Patching"
- Reply: Raoul Armfield: "RE: Patching"
To: security-basics@securityfocus.com
Date: Mon, 20 Oct 2003 23:40:05 +0200

OK, so the main idea I get from the list is: a known hole is fixed and the
others are (for the moment) unknown. Therefore, patching is a good idea.

Hmmmm. I am not convinced yet that all this makes sense from a "wider"
security perspective. Must a vulnerability / hole be known to be a risk?
Security risks do not all come from "out there" and "bad guys" trying to
exploit a vulnerability. System errors, data loss may very well occur from
holes that are very unknown (or very honest operators that make mistakes).

Once I get a very well oiled and stable infrastructure, I personally suffer
every time I have to disturb that balance. There's a lot of interdependability
among the various elements of the whole system. Application X at release n.m
needs Middleware Y at release j.k that in turn requires OS Z at release l.m
that in turn.... every time I touch something I feel that I have no control
(but that could be just me) of where the ripples are going to end up to.

In such an interdependable environment, even if I assume that I have increased
the level of security of one element by patching, I am not convinced that I
can say I have increased the security level of the whole.

Sorry if I cannot at the moment phrase it correctly, but there is a loophole
in the "patching is necessarily good" axiom that I cannot grasp entirely.

Hmmm, this morning caffeine is not gone yet, huh?

-- Alessandro Bottonelli