Educause Security Discussion mailing list archives
Re: Desktop patch management?
From: LaSandra DeLeon <ldeleon () MIRAPOINT COM>
Date: Fri, 12 Sep 2003 11:30:47 -0700
Is this a CIO forum related to Educause? How can I join? ~ LaSandra DeLeon -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU]On Behalf Of Ariel Silverstone Sent: Friday, September 12, 2003 11:21 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Desktop patch management? I just submitted a very similar question to the CIO forum. Will keep all informed of replies there. Thank you, Ariel Silverstone ---------------------------------------------------------------------------- -- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Eoghan Casey Sent: Friday, September 12, 2003 2:05 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Desktop patch management? Craig, I am also interested in responses to this question for the purposes of the Effective Security Practices project. Most of the solutions that I have encountered do not address the "keep-your-hands-off-my-systems" situations that are common on higher education environments. For instance, commercial management software requires some access to deliver patches and change configuration. Automatic delivery of patches using a local SUS server requires systems to be in a domain. The only legitimate* method that I have encountered that does not require access to the system is the UConn NetReg Scanner (http://security.uconn.edu/uconn_response.html). If a scan determines that the system is not patched, it does not get on the network. * illegitimate = exploiting the vulnerability to apply the patch Eoghan Casey 203-645-2774 On Friday, September 12, 2003, at 01:03 PM, Craig W. Drake wrote: I was just wondering how everyone is handling desktop patch management in their environments. We are in a situation where users/departments manage their own desktop systems. We do not have any kind of Windows domain structure and do not have any kind of common administrator account/password on desktops university-wide. Some users/departments have very negative attitudes towards our IT department and do not want anybody from our department "messing with" their computers. Management doesn't want to lose favor with those users by forcing them to comply with any kind of centralized IT policy. We have tried sending out emails to our users asking them to visit WindowsUpdate, but only about half of the computers get updated. Does anybody have any suggestions on how to force all of the updates to all of the computers on campus in this situation? Thanks, Craig W. Drake Networking and Distributed Services Northeastern Illinois University C-Drake () neiu edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Desktop patch management? Craig W. Drake (Sep 12)
- <Possible follow-ups>
- Desktop patch management? Craig W. Drake (Sep 12)
- Re: Desktop patch management? Omar Herrera (Sep 12)
- Re: Desktop patch management? Eoghan Casey (Sep 12)
- Re: Desktop patch management? Ariel Silverstone (Sep 12)
- Re: Desktop patch management? LaSandra DeLeon (Sep 12)
- Re: Desktop patch management? Ariel Silverstone (Sep 12)
- Re: Desktop patch management? Brian K. Dore' (Sep 12)
- Re: Desktop patch management? Eoghan Casey (Sep 12)
- Re: Desktop patch management? Clyde Hoadley (Sep 12)
- Re: Desktop patch management? Brian K. Dore' (Sep 12)
- Re: Desktop patch management? Dan Roberts (Sep 12)
- Re: Desktop patch management? Melissa Guenther (Sep 13)
- Re: Desktop patch management? Craig W. Drake (Sep 16)
- Desktop patch management? Smith, Barry (Sep 30)
- Re: Desktop patch management? Craig W. Drake (Sep 30)
(Thread continues...)