Re: MS Patches Management software: SUS vs 3rd party

From: Ansgar -59cobalt- Wiechers (bugtraq_at_planetcobalt.net)
Date: 10/28/03

    Date: Tue, 28 Oct 2003 11:48:35 +0100
    To: security-basics@securityfocus.com
    
    

    On 2003-10-27 Andres Martinez wrote:
    > 125 servers: 80% Windows 2000 - 20 % Windows NT 4.0 (They are planning
    > to get rid of NT servers soon) All servers on same physical location.
    > There is no central administration of servers: Server management
    > provided for different people with different Technical skills. Hard to
    > get control. Few IT resources.
    > By default Windows installations = High risk of security problems.
    > Lack of security policies for server management and security.
    > Very reactive to solve problems.
    > Lack of software or scripts to automatize processes like patches
    > deployment. They already have had serious problems due to viruses like
    > welchia and blaster that exploit known security vulnerabilities.
    > Corporate Symantec antivirus used for virus protection, but not
    > installed on all servers, problems with antivirus updates on some
    > servers. It is hard to obtain approval for reboot servers due to
    > mission critical role and business nature (healthcare industry), so
    > minimum downtime is required. What would you use?

    I wouldn't do automatic updates on servers at all. A better approach
    (IMHO) would be to subdivide the servers into groups (based on the
    functionality they provide) and have an Administrator responsible
    for each group of servers. Keep in mind that just patching is *not*
    sufficient as long as the servers are wide open (I read "default Windows
    installations" that way) and you don't have at least some kind of
    security policy.

    Since you're saying that at least some servers are considered mission
    critical, clustering may be an option to increase availability. This has
    the additional advantage that you can patch and reboot single servers
    without the service becoming unavailable.

    Just a few thoughts.

    Regards
    Ansgar Wiechers
