RE: Windows patch mgmt.

From: Daszczyszak, Roman L. SPC (1AD 501 MI BN ACE IMO) (roman.daszczyszak_at_1ADTACM.1AD.ARMY.MIL)
Date: 06/24/04

    To: security-basics@securityfocus.com
    Date: Thu, 24 Jun 2004 13:45:46 +0400
    
    

    Bob,
            You could point specific 'testing' servers to update their patches
    from an MS SUS (Software Update Services) server, then test the patches by
    pushing them out via SUS. To check that they installed correctly,
    use MBSA (Microsoft Baseline Security Analyzer); it can do groups of
    machines, so you could target the testing servers, observe their behavior
    and decide whether to push the patch out to everyone.

    Best of all, both tools are free.

    HTH,
    Roman

    SUS download:
    http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en

    MBSA download:
    http://www.microsoft.com/technet/security/tools/mbsahome.mspx

    > -----Original Message-----
    > From: bob martin [mailto:bobmartin_613@hotmail.com]
    > Sent: Tuesday, June 15, 2004 10:41 AM
    > To: security-basics@securityfocus.com
    > Subject: Windows patch mgmt.
    >
    >
    > Hello all.
    > Basic patching question for you.
    >
    > We have a small environment (approx. 300 desktops and 50 servers) and the
    > question has come up how do we test all desktops/servers after a Windows
    > patch has been installed. Given that the networking/desktop team consists
    > of 6 people, I'm a bit stumped on how we can do this efficiently. We use
    > St. Bernard's Update Expert to push out the patches and to verify they've
    > been installed.
    >
    > Currently we push to a QA environment and let it soak for a week or two
    > while it's being used for its normal functions. The concern is if the
    > server isn't being used for testing, then we may push a patch to a
    > production server without it being "tested."
    >
    > Any suggestions would be very welcomed. Any more, there's so many Windows
    > patches that it's almost a full-time job for one person to manage them.
    >
    > Thanks.
    > Bob
    >



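Added example, not part of the original message: a PowerShell sketch of the pilot-group approach described in the reply. It points a test server at an internal update server through the Windows Update client policy registry values, then checks the whole test group for a patch. It uses Get-HotFix in place of MBSA; the server URL, host names and KB number are placeholders, and the function names are hypothetical.

```powershell
# Added example. Placeholders: update server URL, pilot host names, KB id.
$UpdateServer = 'http://sus01.example.internal'    # placeholder internal update server
$PilotServers = @('qa-srv01', 'qa-srv02')          # placeholder test group
$ExpectedKB   = 'KB0000000'                        # placeholder patch id

# Run elevated on each pilot server: opt it in to the internal update server.
function Set-PilotUpdateSource {
    param([string]$Server)
    $wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $au = Join-Path $wu 'AU'
    # Create the keys only if missing; New-Item -Force on an existing
    # registry key would wipe the values already stored in it.
    if (-not (Test-Path $au)) { New-Item -Path $au -Force | Out-Null }
    Set-ItemProperty -Path $wu -Name WUServer       -Value $Server -Type String
    Set-ItemProperty -Path $wu -Name WUStatusServer -Value $Server -Type String
    Set-ItemProperty -Path $au -Name UseWUServer    -Value 1 -Type DWord
    Set-ItemProperty -Path $au -Name AUOptions      -Value 4 -Type DWord  # download and install on schedule
    Restart-Service -Name wuauserv                  # make the client re-read policy
}

# Run from an admin workstation: report, per pilot server, whether the patch is installed.
function Test-PilotPatch {
    param([string[]]$ComputerName, [string]$KB)
    foreach ($name in $ComputerName) {
        $status = 'Unreachable'
        try {
            # Get-HotFix raises an error when the id is absent or the host is down.
            $hit = Get-HotFix -Id $KB -ComputerName $name -ErrorAction Stop
            if ($hit) { $status = 'Installed' }
        } catch {
            # Separate "patch missing" from "could not query the host".
            if (Test-Connection -ComputerName $name -Count 1 -Quiet) { $status = 'Missing' }
        }
        [pscustomobject]@{ Computer = $name; KB = $KB; Status = $status }
    }
}

# Gate the wider rollout on every pilot server reporting the patch as installed.
$report = Test-PilotPatch -ComputerName $PilotServers -KB $ExpectedKB
$report | Format-Table -AutoSize
if ($report.Status -contains 'Missing' -or $report.Status -contains 'Unreachable') {
    Write-Warning 'Pilot group incomplete; hold the patch back from production.'
}
```

A host reported as Missing may still be unreachable over WMI/RPC even though it answers ping, so treat Missing as "investigate" rather than proof the install failed.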