Re: Automated Patching and Updates?

["Tavakoli, Rooz" <tavakoli () SUSQU EDU>]

Here at Susquehanna U., (stu. pop. 1900, pc pop. 2400) we installed Deep
Freeze last summer on all of lab machines in our mediated classrooms and our
computer labs.  We did that after educating the community that users could
not save data on the hard drive of the PCs they were using in those setting.
With Deep Freeze, when a machine is showing signs of worm/virus infection
all the lab monitors have to do is to reboot it!

NAV is available as a network resource with the latest patches.  Our
twice-a-week E-newsletter points users to that site so they can download the
fixes.  It appears that the user community takes the matter seriously as we
don't have to decontaminate too many machines every month.

The faculty appreciated the fact that they did not have to cancel a single
class scheduled in our smart classrooms or computer labs because of
Blaster(s).  It was a relief for IT not to have to deal with that
constituency when we had our hands full with new and returning students'
infected PCs.

Roozbeh Tavakoli, Director
Office of Information Technology
Susquehanna University
Selinsgrove, PA 17870
570-372-4247

-----Original Message-----
From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU]
Sent: Thursday, September 25, 2003 8:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Automated Patching and Updates?


Given all of the recent worm activity, etc., it seems timely to gather some
information from you folks regarding what you are already doing - or
planning to do - in terms of pushing updates and patches out to your user
communities in a way that is not too "intrusive". We all work in diverse
environments where many of our users are also sensitive to having someone
else "touch" their machines. Yet it seems a losing battle to continue to
manually update workstations in some areas when they are being automatically
attacked in very sophisticated ways.

Can you folks please share with us:

1)  What you are already doing now - in terms of pushing or automating
patching or updates?

2)  What you are evaluating or looking at for doing this kind of thing - and
in what areas of your environment?

3)  What technologies you are familiar with and what platforms the solutions
support?

Thanks much! I am willing to summarize the input I receive if I get enough
good feedback...

Connie J. Sadler, CM, CISSP, CISM
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
PGP Fingerprint: 452A C178 1450 9CE1 3AC1  CC12 956F 2C55 DB94 A9C7
Office: 401-863-7266

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.