Educause Security Discussion mailing list archives
Re: Desktop patch management?
From: Clyde Hoadley <hoadleyc () MSCD EDU>
Date: Fri, 12 Sep 2003 16:40:44 -0600
Thank you for the very useful information about NetReg and how you have been dealing with these worms.

Here at MSCD we deploy a standard image to all of our desktops. We use LANDesk to keep an inventory of them and their patch level. We also use LANDesk to push out updates to them. See: "http://www.landesk.com/"

As of today, it has been made a high priority to find some way to "Certify" personal laptop computers. It looks like the NetReg product is just what we need.

On another topic... We had a consultant here this week from LANDesk. He told us about a free stand-alone virus scanner from McAfee. It replaces all of those individual clean up tools. Take a look at: "http://vil.nai.com/vil/stinger/"

--
Clyde Hoadley
Security & Disaster Recovery Coordinator
Division of Information Technology
Metropolitan State College of Denver
hoadleyc () mscd edu
http://clem.mscd.edu/~hoadleyc/
(303) 556-5074

Eoghan Casey wrote:

Craig,

I am also interested in responses to this question for the purposes of the Effective Security Practices project. Most of the solutions that I have encountered do not address the "keep-your-hands-off-my-systems" situations that are common in higher education environments. For instance, commercial management software requires some access to deliver patches and change configuration. Automatic delivery of patches using a local SUS server requires systems to be in a domain.

The only legitimate* method that I have encountered that does not require access to the system is the UConn NetReg Scanner (http://security.uconn.edu/uconn_response.html). If a scan determines that the system is not patched, it does not get on the network.

* illegitimate = exploiting the vulnerability to apply the patch

Eoghan Casey
203-645-2774

On Friday, September 12, 2003, at 01:03 PM, Craig W. Drake wrote:

I was just wondering how everyone is handling desktop patch management in their environments. We are in a situation where users/departments manage their own desktop systems. We do not have any kind of Windows domain structure and do not have any kind of common administrator account/password on desktops university-wide. Some users/departments have very negative attitudes towards our IT department and do not want anybody from our department "messing with" their computers. Management doesn't want to lose favor with those users by forcing them to comply with any kind of centralized IT policy. We have tried sending out emails to our users asking them to visit WindowsUpdate, but only about half of the computers get updated.

Does anybody have any suggestions on how to force all of the updates to all of the computers on campus in this situation?

Thanks,

Craig W. Drake
Networking and Distributed Services
Northeastern Illinois University
C-Drake () neiu edu

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.