Security Basics mailing list archives

Re: Patching


From: "David Lanagan" <DLanagan () sterlinginsurancegroup com>
Date: Tue, 21 Oct 2003 08:08:33 +0100

I know the feeling!  (not the rain, it's sunny but cold here in London)

We're being increasingly told to get patches on asap but we no longer have the time to actively test patches and 
updates before getting them onto production systems.  I think the main problems over the next few years will be getting 
corporate environments to understand the importance of these patches and devote the relative resource to them. I bet 
I'm not the only one here whose reputation (and career to an extent) is being dictated by the uptime, availability and 
security of systems that are not only inherently insecure but also don't give me adequate control of the process.

D.

________________________________________________________________________
Dave Lanagan
Lead  - Infrastructure Development
Tel: 020 8334 1548
Fax: 020 8948 0161
Mail: dlanagan () sterlinginsurancegroup com

Alessandro Bottonelli <abottonelli () libero it> 10/20/03 09:12am >>>
A thought has been crossing my mind for a long time, I'd like to confront it 
with the list.

In the "old days" a patch and/or fix was defined as "something that closes a 
known hole and opens ten unknown holes" :-) Yet, literature and common 
practices keep saying we should maintain our systems and network appliances 
up to date with the last patches / software releases.

WHY should I feel safer that way? How can I tell Rev. 1.3 is any better 
(security-wise) than Rev. 1.2 ? Is the cost (financial and others) of change 
management worth it? If so, how can I measure such worthness?

Too much caffeine on a rainy Monday morning, in usually sunny Italy? :-)

-- 
Alessandro Bottonelli
www.axis-net.it 







