Educause Security Discussion mailing list archives
Re: Desktop patch management?
From: Dan Roberts <ddrobert () KENT EDU>
Date: Sat, 13 Sep 2003 01:38:25 -0400
Craig, Unless you have the staff and infrastructure to force patches down to desktops and deal with the reprocussions when things go wrong (and they will go wrong), I would avoid going down that road. Instead, try some social engineering.. Make it easy for your users to do "the right thing" - Run a local SUS server to ensure availability of updates - Educate your userbase about the basics of good desktop management - Establish a webpage to communicate advisories and patching instructions - Ensure that your helpdesk can assist users with patching procedures if they have difficulties Create a fair penalty system for failure to keep systems patched. Turn off network connections to PC's which are compromised or vulnerable, and then require them to be patched and charge the user a fee to restore connectivity. Obviously this requires management buy-in, but it leaves the individual users/departments to decide the best way of carrying out their own system maintenance. This is particularly important in those situations where staff do not want you touching their PC's, and even more importantly reduces your liability. Because, you know.. as soon as you start messing with someone's PC, you suddenly become the scapegoat for all of their problems. If you provide enough support to your users, and enforce some consequences for endangering the rest of the network, I bet you'll find 95%+ of your users will gladly play along. Also be ready to address the loud minority.. use those opportunities to reinforce your position. Dan Roberts Senior Systems Programmer Administrative Computing Services Kent State University 330-672-5373 ddrobert () kent edu ---- Original Message ---- Date: Fri, 12 Sep 2003 12:03:49 -0500 Reply-To: The EDUCAUSE Security Discussion Group Listserv ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Desktop patch management?, (continued)
- Desktop patch management? Craig W. Drake (Sep 12)
- Re: Desktop patch management? Omar Herrera (Sep 12)
- Re: Desktop patch management? Eoghan Casey (Sep 12)
- Re: Desktop patch management? Ariel Silverstone (Sep 12)
- Re: Desktop patch management? LaSandra DeLeon (Sep 12)
- Re: Desktop patch management? Ariel Silverstone (Sep 12)
- Re: Desktop patch management? Brian K. Dore' (Sep 12)
- Re: Desktop patch management? Eoghan Casey (Sep 12)
- Re: Desktop patch management? Clyde Hoadley (Sep 12)
- Re: Desktop patch management? Brian K. Dore' (Sep 12)
- Re: Desktop patch management? Dan Roberts (Sep 12)
- Re: Desktop patch management? Melissa Guenther (Sep 13)
- Re: Desktop patch management? Craig W. Drake (Sep 16)
- Desktop patch management? Smith, Barry (Sep 30)
- Re: Desktop patch management? Craig W. Drake (Sep 30)
- Re: Desktop patch management? Christian Grewell (Sep 30)
- Re: Desktop patch management? Marty Hoag (Sep 30)