Security Basics mailing list archives
Re: Upptime report tools?
From: "Michael Painter" <tvhawaii () shaka com>
Date: Fri, 17 Oct 2008 11:20:08 -1000
Thanks :) On a related note, how often would you say Linux systems have security-related patches released? Since the answer is probably "it depends on the distro" - how about popular ones like Red Hat... I know plenty of HPUX and Red Hat sysadmins who don't even check except for maybe once or twice per year...
http://secunia.com/advisories/product/OS_R/#list
-----Original Message-----From: Jon Kibler [mailto:Jon.Kibler () aset com] Sent: Friday, October 17, 2008 12:35 PMTo: Prodigi Child Cc: security-basics () securityfocus com Subject: Re: Upptime report tools? -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Prodigi Child wrote:Good question - Seeing a server up for more than 90 days may indicate that it does not have the most recent security patches. In fact, seeing aserverup for more than X days after the 2nd Tuesday of the month (Patch Tuesday) may indicate that, depending on what patches were released by MS thatmonth.I've never really though of that but that would be a great way ofgatheringinfo for potential exploits without running a vulnerability scan on a server... good idea!BINGO! Exactly the points I was trying to get across!! Any Windows server that has been up for more than a month probably does not have all the latest kernel security patches applied. Any *nix server that has been up for more than 90 days probably does not have all the latest kernel security patches applied. So, if you have to reboot each Windows box at least once a month, you cannot possibly achieve 99.999% availability. If you have to shut your Unix (e.g., Solaris) box down to single user mode to patch the kernel, and even if you only do so once a quarter, you cannot possibly achieve 99.999% availability. And, for Linux, if you have to reboot a couple of times a quarter to load a new kernel, you cannot possibly achieve 99.999% availability. Now, the lesson here is not that 99.999% availability cannot be achieved, because it can! The lesson is to be careful how you define your 5-9s of availability. This is why we have clusters, load balancers, and other redundancy technologies -- so that 5-9s (or better) of availability can be achieved. Just be sure that when you start to define what constitutes 5-9s in your organization, you do so based on the availability of SERVICE, and NOT on the availability of a SYSTEM! Bottom line: It is simply not possible to have 5-9s of SYSTEM availability and still be secure. BTW, congratulations on the first to demonstrate 'having a clue!' Jon - -- Jon R. Kibler Chief Technical Officer Advanced Systems Engineering Technology, Inc. Charleston, SC USA o: 843-849-8214 c: 843-224-2494 s: 843-564-4224 http://www.linkedin.com/in/jonrkibler
Current thread:
- Enumeration - determining Firewall/Router address, (continued)
- Message not available
- Enumeration - determining Firewall/Router address Michael Condon (Oct 21)
- Re: Enumeration - determining Firewall/Router address Shreyas Zare (Oct 22)
- Re: Enumeration - determining Firewall/Router address Michael Condon (Oct 22)
- Re: Enumeration - determining Firewall/Router address Ansgar Wiechers (Oct 22)
- RE: Upptime report tools? Prodigi Child (Oct 17)
- Re: Upptime report tools? Jon Kibler (Oct 17)
- RE: Upptime report tools? Prodigi Child (Oct 17)
- Re: Upptime report tools? Jon Kibler (Oct 17)
- Re: Upptime report tools? Michael Painter (Oct 20)
- Re: Upptime report tools? rihelp (Oct 20)
- RE: Upptime report tools? Basha, Arif (Oct 20)
- Re: Upptime report tools? Jim Parkhurst (Oct 20)