Virus.Org IT Security News and Information Portal. We offer the latest IT security news, updates, product reviews, books, and articles for all you IT security professionals out there. Enter and get the best IT security information on the Internet.

 
. Welcome to the Virus.Org Mailing List Archive  
.
.


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]


RE: Not patching clients??
.

  • To: "Patch Management Mailing List" <[EMAIL PROTECTED]>
  • Subject: RE: Not patching clients??
  • From: "Dean, Bill" <[EMAIL PROTECTED]>
  • Date: Fri, 30 Apr 2004 09:27:44 -0400
  • Reply-to: "Patch Management Mailing List" <[EMAIL PROTECTED]>
  • Thread-index: AcQuHzf4UdUwWIRaRsSCKxaMoW/3mgAD6HOAACHKWSA=
  • Thread-topic: Not patching clients??
.
 
I can confirm the nightmare of not patching clients. We have a modestly
secure perimeter. When Blaster came out, our server group patched all
350 servers in about a week. The organization drug their feet on
committing the resources to patch our 5000 clients and we did not have
SUS running on SMS yet. We had a "shove it down your throat and reboot
whether you like it or not" SMS package scheduled to go out on Thursday
at noon to all clients. Nachi hit us Thursday morning at 7:30am. A very
large Healthcare organization was down for 3 days. Lesson learned?
Maybe..Maybe not. My responsibility is primarily servers, It seems like
I still have to spend days convincing people we need to send out roll-up
packages using SUS and we don't have time for a month of testing. Things
are getting better though.

Long story short.. If you can't patch everything at one time, patch your
servers first and be prepared to take all of them off the network to
protect your data if an outbreak occurs. Then address your clients.


Bill Dean, MCSE 2000/NT4.0, CNA, CCA
Operating Systems Analyst


-----Original Message-----
From: Matthew L. McGuirl [mailto:[EMAIL PROTECTED] 
Sent: Thursday, April 29, 2004 5:34 PM
To: Patch Management Mailing List
Subject: RE: Not patching clients??

Robert,

Wow. What a nightmare scenario. If anyone in your organization has a
laptop and you have a DHCP server that will hand out IP addresses to all
who ask for one, it's just a matter of time before the fit hits the
shan.

As Slammer taught us, many networks, even those belonging to first
responders, are connected to the internet in unforeseen ways. The notion
of "protect the perimeter and pray for everything else" is ancient
history. Perimeters are porous and prayer doesn't hurt but it won't keep
your stuff safe.

There are vendors who address internal security in novel and very
practical ways. The one I suggest you check out is MetaInfo. They make
tools which make sure that every IP address that gets allocated is going
to a machine which meets specific authentication criteria. 

http://www.metainfo.com/ 

Cheers,

Matt McGuirl
Lucid Security



---
To unsubscribe send a blank email to
[EMAIL PROTECTED]

---
To unsubscribe send a blank email to [EMAIL PROTECTED]
 
.
.
 
Copyright (c) Virus.Org 1997-2006.
All Trademarks Acknowledged.
Please view our Terms and Conditions and our Privacy Policy.