Security Basics mailing list archives
RE: Patching
From: "Tran, John" <John.Tran () unisys com>
Date: Wed, 22 Oct 2003 13:28:34 -0400
I agree with Jason. First there has to be a reason to patch. You should not just go ahead and patch a machine without doing some good analysis. -----Original Message----- From: Gunnoe, Jason [mailto:Jason.Gunnoe () thomson com] Sent: Wednesday, October 22, 2003 9:54 AM To: Meritt James; security-basics () securityfocus com Subject: RE: Patching Mitigation of risk is the key here. Don't patch without reason. -----Original Message----- From: Meritt James [mailto:meritt_james () bah com] Sent: Monday, October 20, 2003 4:38 PM To: security-basics () securityfocus com Subject: Re: Patching On Mon, Oct 20, 2003 at 10:12:29AM +0200, Alessandro Bottonelli wrote:
A thought has been crossing my mind for a long time, I'd like to
confront it
with the list. In the "old days" a patch and/or fix was defined as "something that
closes a
known hole and opens ten unknown holes" :-) Yet, literature and common
practices keep saying we should maintain our systems and network
appliances
up to date with the last patches / software releases. WHY should I feel safer that way? How can I tell Rev. 1.3 is any
better
(security-wise) than Rev. 1.2 ? Is the cost (financial and others) of
change
management worth it? If so, how can I measure such worthness? -- Alessandro Bottonelli
A journey of a thousand miles starts with a single step. (10,000 -1) is less than 10,000. "Safer" is not "safe". As long as you are thinking, include that in your "why" considerations. -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566 ------------------------------------------------------------------------ --- FREE Whitepaper: Better Management for Network Security Looking for a better way to manage your IP security? Learn how Solsoft can help you: - Ensure robust IP security through policy-based management - Make firewall, VPN, and NAT rules interoperable across heterogeneous networks - Quickly respond to network events from a central console Download our FREE whitepaper at: http://www.securityfocus.com/sponsor/Solsoft_security-basics_031015 ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_0310 21 ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Visual & Easy-to-use are not words that you think of when talking about network analyzers. Are you sick of the three window text decodes? Download ClearSight Network's Analyzer and see a new network analysis tool that makes the complex - easy http://www.securityfocus.com/sponsor/ClearSightNetworks_security-basics_031021 ----------------------------------------------------------------------------
Current thread:
- Re: Patching, (continued)
- Re: Patching Alessandro Bottonelli (Oct 20)
- Re: Patching Ansgar -59cobalt- Wiechers (Oct 21)
- Re: Patching Alessandro Bottonelli (Oct 21)
- Re: Patching Ansgar -59cobalt- Wiechers (Oct 22)
- RE: Patching Graydon McKee (Oct 22)
- Re: Patching Ansgar -59cobalt- Wiechers (Oct 21)
- Re: Patching Alessandro Bottonelli (Oct 20)
- Re: Patching gregh (Oct 21)
- RE: Patching Raoul Armfield (Oct 21)
- RE: Patching wbradd (Oct 22)
- audit (was: Re: Patching Meritt James (Oct 27)