Security Basics mailing list archives

RE: Windows patch mgmt.


From: "Daszczyszak, Roman L. SPC (1AD 501 MI BN ACE IMO)" <roman.daszczyszak () 1ADTACM 1AD ARMY MIL>
Date: Thu, 24 Jun 2004 13:45:46 +0400

Bob,
        You could point specific 'testing' servers to update their patches
from a MS SUS (Software Update Services) server, then test the patches by
pushing them out via SUS.  To check that they installed correctly,
use MBSA (Microsoft Baseline Security Analyzer); it can do groups of
machines, so you could target the testing servers, observe their behavior,
and decide whether to push the patch out to everyone.

Best of all, both tools are free.

HTH,
Roman

SUS download:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A7AA96E4-6E41-4F54-972C-AE66A4E4BF6C&displaylang=en

MBSA download:
http://www.microsoft.com/technet/security/tools/mbsahome.mspx

-----Original Message-----
From: bob martin [mailto:bobmartin_613 () hotmail com]
Sent: Tuesday, June 15, 2004 10:41 AM
To: security-basics () securityfocus com
Subject: Windows patch mgmt.


Hello all.
Basic patching question for you.

We have a small environment (approx. 300 desktops and 50 servers) and the
question has come up how do we test all desktops/servers after a windows
patch has been installed.  Given that the networking/desktop team consists
of 6 people, I'm a bit stumped on how we can do this efficiently.  We use
St. Bernard's Update Expert to push out the patches and to verify they've
been installed.

Currently we push to a QA environment and let it soak for a week or two
while it's being used for its normal functions.  The concern is if the
server isn't being used for testing, then we may push a patch to a
production server without it being "tested."

Any suggestions would be very welcomed.  Any more, there's so many windows
patches that it's almost a full time job for one person to manage them.

Thanks.
Bob
