Security Basics mailing list archives
RE: Upptime report tools?
From: "Prodigi Child" <prodigi.child () gmail com>
Date: Fri, 17 Oct 2008 12:44:40 -0500
Thanks :) On a related note, how often would you say Linux systems have security-related patches released? Since the answer is probably "it depends on the distro" - how about popular ones like Red Hat... I know plenty of HPUX and Red Hat sysadmins who don't even check except for maybe once or twice per year... -----Original Message----- From: Jon Kibler [mailto:Jon.Kibler () aset com] Sent: Friday, October 17, 2008 12:35 PM To: Prodigi Child Cc: security-basics () securityfocus com Subject: Re: Upptime report tools? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prodigi Child wrote:
Good question - Seeing a server up for more than 90 days may indicate that it does not have the most recent security patches. In fact, seeing a
server
up for more than X days after the 2nd Tuesday of the month (Patch Tuesday) may indicate that, depending on what patches were released by MS that
month.
I've never really though of that but that would be a great way of
gathering
info for potential exploits without running a vulnerability scan on a server... good idea!
BINGO! Exactly the points I was trying to get across!! Any Windows server that has been up for more than a month probably does not have all the latest kernel security patches applied. Any *nix server that has been up for more than 90 days probably does not have all the latest kernel security patches applied. So, if you have to reboot each Windows box at least once a month, you cannot possibly achieve 99.999% availability. If you have to shut your Unix (e.g., Solaris) box down to single user mode to patch the kernel, and even if you only do so once a quarter, you cannot possibly achieve 99.999% availability. And, for Linux, if you have to reboot a couple of times a quarter to load a new kernel, you cannot possibly achieve 99.999% availability. Now, the lesson here is not that 99.999% availability cannot be achieved, because it can! The lesson is to be careful how you define your 5-9s of availability. This is why we have clusters, load balancers, and other redundancy technologies -- so that 5-9s (or better) of availability can be achieved. Just be sure that when you start to define what constitutes 5-9s in your organization, you do so based on the availability of SERVICE, and NOT on the availability of a SYSTEM! Bottom line: It is simply not possible to have 5-9s of SYSTEM availability and still be secure. BTW, congratulations on the first to demonstrate 'having a clue!' Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler My PGP Fingerprint is: BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.8 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkj4zKcACgkQUVxQRc85QlMgGgCfY2iFsHkIshDDmIDwHx8ZN5vx psMAnRrsr6M8aJ3fxmonKhkd0t3A7Rzl =qE3B -----END PGP SIGNATURE----- ================================================== Filtered by: TRUSTEM.COM's Email Filtering Service http://www.trustem.com/ No Spam. No Viruses. Just Good Clean Email.
Current thread:
- Re: Security Audit & pen testing fnial report, (continued)
- Re: Security Audit & pen testing fnial report Joey Peloquin (Oct 21)
- RE: Security Audit & pen testing fnial report Erin Carroll (Oct 22)
- Message not available
- Enumeration - determining Firewall/Router address Michael Condon (Oct 21)
- Re: Enumeration - determining Firewall/Router address Shreyas Zare (Oct 22)
- Re: Enumeration - determining Firewall/Router address Michael Condon (Oct 22)
- Re: Enumeration - determining Firewall/Router address Ansgar Wiechers (Oct 22)
- RE: Upptime report tools? Prodigi Child (Oct 17)
- Re: Upptime report tools? Jon Kibler (Oct 17)
- RE: Upptime report tools? Prodigi Child (Oct 17)
- Re: Upptime report tools? Jon Kibler (Oct 17)
- Re: Upptime report tools? Michael Painter (Oct 20)
- Re: Upptime report tools? rihelp (Oct 20)
- RE: Upptime report tools? Basha, Arif (Oct 20)
- Re: Upptime report tools? Jim Parkhurst (Oct 20)