Security Basics mailing list archives
Patch Management
From: "kevin fielder" <kevin.fielder () gmail com>
Date: Fri, 20 Apr 2007 16:27:53 +0100
Hi With regards to WSUS - If you think about it, it's not that bad - clients only request the patches they require, so don't actually get all patches. The volume of data sored on your WSUS server will depend on which systems you have told it to download patches for (e.g various windows versions, various office apps, sql server etc.). It's also worth noting that you can control the speed at which the clients download the patches (down to 2kb / second) and have different settings based on time - e.g. allow clients to download faster overnight. The randomness over which the clients choose to download a patch can also be controlled to reduce the number downloading at the same time. Aother approach is to use OU's to cause clients to download the patches on different days after they are released - perhaps testing machines day 1, group 1 day 3, group 2 day 4 etc. We are currently moving to a centralised WSUS solution covering 10s of thousands of machines over a variety of WAN links with no issues so far. I would also imagine any system that stores historical patches for all the O/S's and applications that it stores will eat disk space over time. For a product that is free if you use microsoft servers I think WSUS is pretty good, yes there are more flexible solutions out there, but it does the job reasonably well. Cheers Kevin -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Sec Melis Sent: 20 April 2007 05:13 To: security-basics () securityfocus com Subject: Re: Patch Management Have you guys check your disk space used by WSUS? Surprisingly, my WSUS eats more than 26 GB space for last 2 years! Imagine, how many bandwidth resources was consumed during that time if it's distributed across, let's say 30 WSUS relays and 8000 clients for one medium company ...... Duh dear uncle Bill ...... Arif Jatmoko ----- Original Message ----- From: <visitnikhil () gmail com> To: <security-basics () securityfocus com> Sent: Friday, April 20, 2007 9:47 AM Subject: Re: Patch Management
Hello Donald Shroyer, One of the recommended solution for patch management in Windows based environment is WSUS. For further information visit: http://www.microsoft.com/windowsserversystem/updateservices/ Its free to download and easy to use and deploy. -- Nikhil Wagholikar Security Analyst NII Consulting Web: www.niiconsulting.com
Current thread:
- RE: Patch Management, (continued)
- RE: Patch Management Weir, Jason (Apr 19)
- RE: Patch Management Nick Duda (Apr 19)
- RE: Patch Management Chinnery, Paul (Apr 19)
- Re: Patch Management krymson (Apr 19)
- RE: Patch Management Nick Duda (Apr 19)
- RE: Patch Management Bill Higgins (Apr 19)
- RE: Patch Management Petter Bruland (Apr 20)
- RE: Patch Management Warren, John (Apr 20)
- RE: Patch Management Petter Bruland (Apr 20)
- Re: Patch Management visitnikhil (Apr 19)
- Re: Patch Management Sec Melis (Apr 19)
- Message not available
- Patch Management kevin fielder (Apr 20)
- RE: Patch Management Devin Rambo (Apr 20)
- RE: Patch Management Nick Duda (Apr 20)
- Re: Patch Management SecMelis (Apr 23)
- Re: Patch Management modversion (Apr 25)
- Re: Patch Management Sec Melis (Apr 19)