Welcome to the Virus.Org Mailing List Archive
RE: Not patching clients??

  • To: "Patch Management Mailing List" <[EMAIL PROTECTED]>
  • Subject: RE: Not patching clients??
  • From: "Erik Malm" <[EMAIL PROTECTED]>
  • Date: Thu, 29 Apr 2004 16:54:53 -0700
  • Reply-to: "Patch Management Mailing List" <[EMAIL PROTECTED]>
  • Thread-index: AcQuGrdBhou9xpATRNyz0O+7rDze/gAKlG3Q
  • Thread-topic: Not patching clients??
You might take a look at some of the info on this website to get
familiar with Microsoft's Defense in Depth methodology, which can be
applied to any technology.

Remember, it only takes 1 open door to enter a building, same thing for
your network.  Remember Blaster...


http://www.microsoft.com/technet/security/guidance/default.mspx

Customers can reduce the risks associated with many of today's security
threats by intelligently assessing their current systems and
implementing suitable countermeasures. Microsoft understands that the
deployment of security patches is becoming increasingly difficult for
our customers. To help address this issue, Microsoft advocates the use
of a defense in depth approach to security to protect against the
increasing number of worms, viruses, and malicious attackers. 

A defense in depth approach involves applying countermeasures at every
layer of the computing environment, from the perimeter routers and
firewalls to the end users' personal computers running Microsoft Windows,
to reduce the impact of unpatched systems. A more detailed description
of the defense in depth model can be found in the Security Content
Overview.




-----Original Message-----
From: Paul Nelson [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 29, 2004 11:37 AM
To: Patch Management Mailing List
Subject: Not patching clients??

Hi group,

Recently there has been talk in our IS group that patching clients is
unnecessary and there will not be a dedicated person to research or
resolve outstanding issues. We are primarily a Novell environment and
have SUS running for a handful of systems, but that is about it.  We can
push out patches via ZEN, but this is only done in emergencies (think
Blaster).  Client-wise, that's absolutely scary.  We do however have
dedicated individuals to cover any server or back-office system, so we
are not in trouble there.  Our management's opinion is that network gear
and the perimeter will take care of the business, so patching clients is
irrelevant.

My question or issue to present to the group is how do you approach a
situation when management considers it unnecessary to patch clients?
Being a technical person I know the impacts, but of course things don't
change even after everyone talks about it.  We're in the situation where
it almost takes a major exploit to wreak havoc and change opinions.  I'm
surprised that only the server people are interested in defending the
patch issue and they are the only ones taking action.

I know many people are (or were) in this situation.  After reading the
survey posting in the group earlier this morning, it does not shock me
that many organizations have only one person to handle this.  What do
you do if you essentially have no one?

I'd like to see others' opinions or unique viewpoints on this.

Thanks,

Paul Nelson
Network Specialist
Medical College of Ohio
(419) 383-3638
[EMAIL PROTECTED]


---
To unsubscribe send a blank email to
[EMAIL PROTECTED]

Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.