Security Basics mailing list archives

RE: Upptime report tools?


From: "Prodigi Child" <prodigi.child () gmail com>
Date: Fri, 17 Oct 2008 12:44:40 -0500

Thanks :)

On a related note, how often would you say Linux systems have
security-related patches released? Since the answer is probably "it depends
on the distro" - how about popular ones like Red Hat... I know plenty of
HPUX and Red Hat sysadmins who don't even check except for maybe once or
twice per year...

-----Original Message-----
From: Jon Kibler [mailto:Jon.Kibler () aset com] 
Sent: Friday, October 17, 2008 12:35 PM
To: Prodigi Child
Cc: security-basics () securityfocus com
Subject: Re: Upptime report tools?


Prodigi Child wrote:
> Good question - seeing a server up for more than 90 days may indicate that
> it does not have the most recent security patches. In fact, seeing a server
> up for more than X days after the 2nd Tuesday of the month (Patch Tuesday)
> may indicate that, depending on what patches were released by MS that month.
> I've never really thought of that but that would be a great way of gathering
> info for potential exploits without running a vulnerability scan on a
> server... good idea!


BINGO! Exactly the points I was trying to get across!!

Any Windows server that has been up for more than a month probably does
not have all the latest kernel security patches applied.

Any *nix server that has been up for more than 90 days probably does not
have all the latest kernel security patches applied.

So, if you have to reboot each Windows box at least once a month, you
cannot possibly achieve 99.999% availability. If you have to shut your
Unix (e.g., Solaris) box down to single user mode to patch the kernel,
and even if you only do so once a quarter, you cannot possibly achieve
99.999% availability. And, for Linux, if you have to reboot a couple of
times a quarter to load a new kernel, you cannot possibly achieve
99.999% availability.


Now, the lesson here is not that 99.999% availability cannot be
achieved, because it can! The lesson is to be careful how you define
your 5-9s of availability. This is why we have clusters, load balancers,
and other redundancy technologies -- so that 5-9s (or better) of
availability can be achieved. Just be sure that when you start to define
what constitutes 5-9s in your organization, you do so based on the
availability of SERVICE, and NOT on the availability of a SYSTEM!

Bottom line: It is simply not possible to have 5-9s of SYSTEM
availability and still be secure.

BTW, congratulations on the first to demonstrate 'having a clue!'

Jon
--
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224
http://www.linkedin.com/in/jonrkibler

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253


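Jon's availability arithmetic, carried through as an added example (this is not code from the original thread): the yearly downtime budget behind N nines, what a single box that reboots for kernel patches can reach, and what the same boxes reach as a redundant service. The reboot counts, reboot durations, node count and independent-failure model are assumptions.

```python
"""Availability budget versus patch-reboot cadence (added illustration).

Assumptions: reboot counts and durations below are made up; the service
model treats nodes as identical and failing independently.
"""

MINUTES_PER_YEAR = 365 * 24 * 60  # 525,600 minutes in a non-leap year


def downtime_budget_minutes(nines: int) -> float:
    """Minutes per year a system may be down and still meet N nines."""
    return MINUTES_PER_YEAR * 10 ** (-nines)


def meets_nines(availability: float, nines: int) -> bool:
    """True if `availability` (0..1) reaches N nines (99.999% for N=5)."""
    return availability >= 1 - 10 ** (-nines)


def highest_nines(availability: float, max_nines: int = 9) -> int:
    """Largest N such that the availability meets N nines."""
    n = 0
    while n < max_nines and meets_nines(availability, n + 1):
        n += 1
    return n


def system_availability(reboots_per_year: int, minutes_per_reboot: float,
                        unplanned_minutes: float = 0.0) -> float:
    """Availability of ONE box that is rebooted to apply kernel patches."""
    down = reboots_per_year * minutes_per_reboot + unplanned_minutes
    return 1 - down / MINUTES_PER_YEAR


def service_availability(node_availability: float, nodes: int) -> float:
    """Availability of a SERVICE behind a load balancer or cluster.

    Assumed model: the service is up while at least one of `nodes`
    independently failing nodes is up. Rolling, non-overlapping patch
    windows do strictly better than this estimate.
    """
    return 1 - (1 - node_availability) ** nodes


if __name__ == "__main__":
    print(f"5-nines budget: {downtime_budget_minutes(5):.2f} min/year")
    win = system_availability(12, 5)   # assumed: monthly reboot, 5 min each
    nix = system_availability(4, 10)   # assumed: quarterly reboot, 10 min each
    print(f"Windows box, monthly reboot : {highest_nines(win)} nines")
    print(f"*nix box, quarterly reboot  : {highest_nines(nix)} nines")
    print(f"2 Windows nodes as a service: {highest_nines(service_availability(win, 2))} nines")
```

With these assumptions a single monthly-rebooted box tops out at three nines and a quarterly-rebooted box at four, while two such boxes behind a load balancer exceed five nines, which is the service-versus-system distinction the post makes.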



