RE: Windows patch mgmt.

["Britton, Jeff B." <JBBritton () LMUS LeggMason com>]

Bob,
   Testing is always a problem with limited resources, although there are
tools such as HFNETCHECKPRO, ECORA...etc that can apply the Microsoft
patches very quickly.  Some tools have the technology to identify any
services that have stopped running after applying the patch.

   With 300 desktops and 50 servers, a tool like the ones mentioned above
would be fairly cheap and save an enourmous amount of time when applying
patches.  Give them a look.  (I recommend HFNetCheckPro from Shavlik,
although it ONLY supports the Windows environments.)

Jeff

-----Original Message-----
From: bob martin [mailto:bobmartin_613 () hotmail com]
Sent: Tuesday, June 15, 2004 10:41 AM
To: security-basics () securityfocus com
Subject: Windows patch mgmt.


Hello all.
Basic patching question for you.

We have a small environment (approx. 300 desktops and 50 servers) and the
question has come up how do we test all desktops/servers after a windows
patch has been installed.  Given that the networking/desktop team consists
of 6 people, I'm a bit stumped on how we can do this efficiently.  We use
St. Benard's Update Expert to push out the patches and to verify they've
been installed.

Currently we push to a QA environment and let it soak for a week or two 
while it's being used for it's normal functions.  The concern is if the 
server isn't being used for testing, then we may push a patch to a 
production server without it being "tested."

Any suggestions would be very welcomed.  Any more, there's so many windows
patches that it's almost a full time job for one person to manage them.

Thanks.
Bob

_________________________________________________________________
Is your PC infected? Get a FREE online computer virus scan from McAfee®
Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills 
of an Ethical Hacker to better assess the security of your organization.
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------


IMPORTANT:  The security of electronic mail  sent through the Internet 
is not guaranteed.  Legg Mason therefore recommends that you do not 
send confidential information to us via electronic mail, including social
security numbers, account numbers, and personal identification numbers.

Delivery, and timely delivery, of electronic mail is also not 
guaranteed.  Legg Mason therefore recommends that you do not send time-sensitive 
or action-oriented messages to us via electronic mail, including 
authorization to  "buy" or "sell" a security or instructions to conduct any 
other financial transaction.  Such requests, orders or instructions will
not be processed until Legg Mason can confirm your instructions or 
obtain appropriate written documentation where necessary.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------