Educause Security Discussion mailing list archives

Re: Desktop patch management?


From: Clyde Hoadley <hoadleyc () MSCD EDU>
Date: Fri, 12 Sep 2003 16:40:44 -0600

Thank you for the very useful information about NetReg and how
you have been dealing with these worms.  Here at MSCD we deploy
a standard image to all of our desktops.  We use LANDesk to
keep an inventory of them and their patch level.  We also use
LANDesk to push out updates to them.  See: "http://www.landesk.com/"

As of today, it has been made a high priority to find some way to
"Certify" personal laptop computers.  It looks like the NetReg product
is just what we need.

On another topic...
We had a consultant here this week from LANDesk.  He told us about
a free stand-alone virus scanner from McAfee.  It replaces all of
those individual clean up tools.  Take a look at:
"http://vil.nai.com/vil/stinger/"

--
Clyde Hoadley
Security & Disaster Recovery Coordinator
Division of Information Technology
Metropolitan State College of Denver
hoadleyc () mscd edu
http://clem.mscd.edu/~hoadleyc/
(303) 556-5074



Eoghan Casey wrote:

Craig,

I am also interested in responses to this question for the purposes of
the Effective Security Practices project. Most of the solutions that I
have encountered do not address the "keep-your-hands-off-my-systems"
situations that are common in higher education environments. For
instance, commercial management software requires some access to deliver
patches and change configuration. Automatic delivery of patches using a
local SUS server requires systems to be in a domain.

The only legitimate* method that I have encountered that does not
require access to the system is the UConn NetReg Scanner
(http://security.uconn.edu/uconn_response.html). If a scan determines
that the system is not patched, it does not get on the network.

* illegitimate = exploiting the vulnerability to apply the patch

Eoghan Casey
203-645-2774

On Friday, September 12, 2003, at 01:03  PM, Craig W. Drake wrote:

I was just wondering how everyone is handling desktop patch management
in their environments.  We are in a situation where users/departments
manage their own desktop systems.  We do not have any kind of Windows
domain structure and do not have any kind of common administrator
account/password on desktops university-wide.  Some users/departments
have very negative attitudes towards our IT department and do not want
anybody from our department "messing with" their computers. Management
doesn't want to lose favor with those users by forcing them to comply
with any kind of centralized IT policy. We have tried sending out
emails to our users asking them to visit WindowsUpdate, but only about
half of the computers get updated.  Does anybody have any suggestions
on how to force all of the updates to all of the computers on campus
in this situation?

Thanks,

Craig W. Drake
Networking and Distributed Services
Northeastern Illinois University
C-Drake () neiu edu



**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

