Re: Windows patch mgmt.

["Joe Polk" <listuser () javelinux com>]

SaintBernard UpdateExpert.

--
Open WebMail Project (http://openwebmail.org)


---------- Original Message -----------
From: "steve" <securityfocus () delahunty com>
To: "bob martin" <bobmartin_613 () hotmail com>, <security-basics () securityfocus com>
Sent: Tue, 22 Jun 2004 07:57:05 -0400
Subject: Re: Windows patch mgmt.

> I believe that PatchLink tests in their own environment prior to 
> pushing out patches, Microsoft or otherwise.  A product/vendor you 
> might consider.
>
> ----- Original Message ----- 
> From: "bob martin" <bobmartin_613 () hotmail com>
> To: <security-basics () securityfocus com>
> Sent: Tuesday, June 15, 2004 10:40 AM
> Subject: Windows patch mgmt.
>
> Hello all.
> Basic patching question for you.
>
> We have a small environment (approx. 300 desktops and 50 servers)
>  and the question has come up how do we test all desktops/servers 
> after a windows patch has been installed.  Given that the 
> networking/desktop team consists of 6 people, I'm a bit stumped on 
> how we can do this efficiently.  We use St. Benard's Update Expert 
> to push out the patches and to verify they've been installed.
>
> Currently we push to a QA environment and let it soak for a week or two
> while it's being used for it's normal functions.  The concern is if the
> server isn't being used for testing, then we may push a patch to a
> production server without it being "tested."
>
> Any suggestions would be very welcomed.  Any more, there's so many windows
> patches that it's almost a full time job for one person to manage them.
>
> Thanks.
> Bob
>
> _________________________________________________________________
> Is your PC infected? Get a FREE online computer virus scan from McAfee®
> Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get 
> $545 off any course! All of our class sizes are guaranteed to be 10 
> students or less to facilitate one-on-one interaction with one of 
> our expert instructors. Attend a course taught by an expert 
> instructor with years of in-the-field pen testing experience in our 
> state of the art hacking lab. Master the skills of an Ethical Hacker 
> to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
>
> ---------------------------------------------------------------------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and get 
> $545 off any course! All of our class sizes are guaranteed to be 10 
> students or less to facilitate one-on-one interaction with one of 
> our expert instructors. Attend a course taught by an expert 
> instructor with years of in-the-field pen testing experience in our 
> state of the art hacking lab. Master the skills of an Ethical Hacker 
> to better assess the security of your organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> ----------------------------------------------------------------------------
------- End of Original Message -------


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------