Security Basics mailing list archives

RE: SUS server

From: "Dave Gonsalves" <dgonsalves () eagleinvsys com>
Date: Fri, 8 Apr 2005 13:36:36 -0400

Your users should never have anything to do with security patching...
And in the event you do need to give users local admin rights, as I do
in my development environment, use a 3rd party tool to deploy the
patches. I use one that pushes them out when I choose and installs them
in the background. The end user has no idea when they are installed.
Then I schedule a reboot for late night on the weekend. 


David Gonsalves
Security Officer
Eagle Investment Systems


************************ 
PRIVILEGED AND CONFIDENTIAL: This communication, including attachments,
is for the exclusive use of addressee and may contain proprietary,
confidential and/or privileged information.  If you are not the intended
recipient, any use, copying, disclosure, dissemination or distribution
is strictly prohibited.  If you are not the intended recipient, please
notify the sender immediately by return e-mail, delete this
communication and destroy all copies.


-----Original Message-----
From: Paris E. Stone [mailto:pstone () alhurra com] 
Sent: Thursday, April 07, 2005 12:58 PM
To: Raoul Armfield; Chinnery, Paul
Cc: security-basics () securityfocus com
Subject: RE: SUS server

Drop the local admin rights, as a previous poster said.  All that is, is
more work for you.

What requirement is in place that gives them local admin rights?

~~~~~
Paris E. Stone, "Linux Zealot"
CISSP, CCNP, CNE, MCSE
~~~~~
The only thing necessary for the triumph of evil, is for good men to do
nothing.
- Edmund Burke
 

-----Original Message-----
From: Raoul Armfield [mailto:armfield () amnh org]
Sent: Thursday, April 07, 2005 11:14 AM
To: Chinnery, Paul
Cc: security-basics () securityfocus com
Subject: Re: SUS server

Chinnery, Paul wrote:

Why rely on the users to install the patches?  I set mine up to auto

install and reboot the system (I set mine to go at 3 AM).  Course, since
it's a hospital environment, there are some machines that have to be
done manually.

That is exactly my question.  I do NOT want to rely on the users to
install the patches.  However, if they are local admins they are
prompted to install and they can opt not to either through action or a
lack thereof.  I was hoping for a way to force the update even if they
users are local admins.

-- 
Raoul Armfield
Support Specialist
IT-Call Center
armfield at amnh dot org
American Museum of Natural History
Central Park West at 79th Street
New York, New York 10024-5192
(212) 313-7258

5152 1277 A04B 04C2 BBE4
3EE8 8369 3541 8B93 42DA

------------------------------------------------------------------------
---
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information
security 
professionals.  Norwich University is fulfilling this demand with its MS
in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn
your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
------------------------------------------------------------------------
----




------------------------------------------------------------------------
---
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information
security 
professionals.  Norwich University is fulfilling this demand with its MS
in 
Information Security offered online.  Recognized by the NSA as an 
academically excellent program, NU offers you the opportunity to earn
your 
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
------------------------------------------------------------------------
----



---------------------------------------------------------------------------
Earn your MS in Information Security ONLINE
Organizations worldwide are in need of highly qualified information security
professionals.  Norwich University is fulfilling this demand with its MS in
Information Security offered online.  Recognized by the NSA as an
academically excellent program, NU offers you the opportunity to earn your
degree without disrupting your home or work life.

http://www.msia.norwich.edu/secfocus_en
----------------------------------------------------------------------------

Current thread:

RE: SUS server, (continued)
- RE: SUS server Paris E. Stone (Apr 08)
  - Re: SUS server Randy Williams (Apr 08)
- RE: SUS server hartmann (Apr 08)
- RE: SUS server Douglas Schlachta (Sr. Infrastructure Securty Analyst) (Apr 08)
- RE: SUS server Douglas Schlachta (Sr. Infrastructure Securty Analyst) (Apr 08)
  - RE: SUS server hartmann (Apr 08)
  - Re: SUS server Raoul Armfield (Apr 08)
    - RE: SUS server hartmann (Apr 11)
    - Re: SUS server Raoul Armfield (Apr 12)
    - RE: SUS server hartmann (Apr 13)
- RE: SUS server Dave Gonsalves (Apr 08)
- RE: SUS server Paris E. Stone (Apr 08)
- Re: SUS server Doug . Janelle (Apr 08)