Security Basics mailing list archives
Re: Upptime report tools?
From: Jon Kibler <Jon.Kibler () aset com>
Date: Fri, 17 Oct 2008 13:34:31 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prodigi Child wrote:
Good question - Seeing a server up for more than 90 days may indicate that it does not have the most recent security patches. In fact, seeing a server up for more than X days after the 2nd Tuesday of the month (Patch Tuesday) may indicate that, depending on what patches were released by MS that month. I've never really though of that but that would be a great way of gathering info for potential exploits without running a vulnerability scan on a server... good idea!
BINGO! Exactly the points I was trying to get across!! Any Windows server that has been up for more than a month probably does not have all the latest kernel security patches applied. Any *nix server that has been up for more than 90 days probably does not have all the latest kernel security patches applied. So, if you have to reboot each Windows box at least once a month, you cannot possibly achieve 99.999% availability. If you have to shut your Unix (e.g., Solaris) box down to single user mode to patch the kernel, and even if you only do so once a quarter, you cannot possibly achieve 99.999% availability. And, for Linux, if you have to reboot a couple of times a quarter to load a new kernel, you cannot possibly achieve 99.999% availability. Now, the lesson here is not that 99.999% availability cannot be achieved, because it can! The lesson is to be careful how you define your 5-9s of availability. This is why we have clusters, load balancers, and other redundancy technologies -- so that 5-9s (or better) of availability can be achieved. Just be sure that when you start to define what constitutes 5-9s in your organization, you do so based on the availability of SERVICE, and NOT on the availability of a SYSTEM! Bottom line: It is simply not possible to have 5-9s of SYSTEM availability and still be secure. BTW, congratulations on the first to demonstrate 'having a clue!' Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj4zKcACgkQUVxQRc85QlMgGgCfY2iFsHkIshDDmIDwHx8ZN5vx psMAnRrsr6M8aJ3fxmonKhkd0t3A7Rzl =qE3B -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
Current thread:
- Re: Security Audit & pen testing fnial report, (continued)
- Re: Security Audit & pen testing fnial report Ulisses Castro (thebug) (Oct 22)
- Re: Security Audit & pen testing fnial report Joey Peloquin (Oct 21)
- RE: Security Audit & pen testing fnial report Erin Carroll (Oct 22)
- Message not available
- Enumeration - determining Firewall/Router address Michael Condon (Oct 21)
- Re: Enumeration - determining Firewall/Router address Shreyas Zare (Oct 22)
- Re: Enumeration - determining Firewall/Router address Michael Condon (Oct 22)
- Re: Enumeration - determining Firewall/Router address Ansgar Wiechers (Oct 22)
- RE: Upptime report tools? Prodigi Child (Oct 17)
- Re: Upptime report tools? Jon Kibler (Oct 17)
- RE: Upptime report tools? Prodigi Child (Oct 17)
- Re: Upptime report tools? Jon Kibler (Oct 17)
- Re: Upptime report tools? Michael Painter (Oct 20)
- Re: Upptime report tools? rihelp (Oct 20)
- RE: Upptime report tools? Basha, Arif (Oct 20)
- Re: Upptime report tools? Jim Parkhurst (Oct 20)