Re: Desktop patch management?

[Melissa Guenther <mguenther () COX NET>]

Thank you!  It is so good to hear someone is not forgetting the key to
security.
The Blaster situation would not have happened had individuals :
a) knew what to do - update the patch
b) knew how to do it
c) wanted to do it - understood their responsibility towards Heads Up
Computing.

Making it easy for users to do the right thing is great advice.
----- Original Message -----
From: "Dan Roberts" <ddrobert () KENT EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Friday, September 12, 2003 10:38 PM
Subject: Re: [SECURITY] Desktop patch management?


> Craig,
>
> Unless you have the staff and infrastructure to force patches down to
> desktops and deal with the reprocussions when things go wrong (and they
> will go wrong), I would avoid going down that road.  Instead, try some
> social engineering..
>
> Make it easy for your users to do "the right thing"
> - Run a local SUS server to ensure availability of updates
> - Educate your userbase about the basics of good desktop management
> - Establish a webpage to communicate advisories and patching instructions
> - Ensure that your helpdesk can assist users with patching procedures if
> they have difficulties
>
> Create a fair penalty system for failure to keep systems patched.  Turn
off
> network connections to PC's which are compromised or vulnerable, and then
> require them to be patched and charge the user a fee to restore
> connectivity.  Obviously this requires management buy-in, but it leaves
the
> individual users/departments to decide the best way of carrying out their
> own system maintenance.  This is particularly important in those
situations
> where staff do not want you touching their PC's, and even more importantly
> reduces your liability.  Because, you know.. as soon as you start messing
> with someone's PC, you suddenly become the scapegoat for all of their
> problems.
>
> If you provide enough support to your users, and enforce some consequences
> for endangering the rest of the network, I bet you'll find 95%+ of your
> users will gladly play along.  Also be ready to address the loud
minority..
> use those opportunities to reinforce your position.
>
> Dan Roberts
> Senior Systems Programmer
> Administrative Computing Services
> Kent State University
>
> 330-672-5373
> ddrobert () kent edu
>
> ---- Original Message ----
>
>
>    Date:         Fri, 12 Sep 2003 12:03:49 -0500
>    Reply-To:     The EDUCAUSE Security Discussion Group Listserv
>
> **********
> Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.
>

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.