Educause Security Discussion mailing list archives
Re: Desktop patch management?
From: Melissa Guenther <mguenther () COX NET>
Date: Sat, 13 Sep 2003 10:43:48 -0700
Thank you! It is so good to hear someone is not forgetting the key to security. The Blaster situation would not have happened had individuals:
a) known what to do - update the patch
b) known how to do it
c) wanted to do it - understood their responsibility towards Heads Up Computing.

Making it easy for users to do the right thing is great advice.

----- Original Message -----
From: "Dan Roberts" <ddrobert () KENT EDU>
To: <SECURITY () LISTSERV EDUCAUSE EDU>
Sent: Friday, September 12, 2003 10:38 PM
Subject: Re: [SECURITY] Desktop patch management?

Craig,

Unless you have the staff and infrastructure to force patches down to desktops and deal with the repercussions when things go wrong (and they will go wrong), I would avoid going down that road.

Instead, try some social engineering.. Make it easy for your users to do "the right thing"

- Run a local SUS server to ensure availability of updates
- Educate your userbase about the basics of good desktop management
- Establish a webpage to communicate advisories and patching instructions
- Ensure that your helpdesk can assist users with patching procedures if they have difficulties

Create a fair penalty system for failure to keep systems patched. Turn off network connections to PC's which are compromised or vulnerable, and then require them to be patched and charge the user a fee to restore connectivity. Obviously this requires management buy-in, but it leaves the individual users/departments to decide the best way of carrying out their own system maintenance. This is particularly important in those situations where staff do not want you touching their PC's, and even more importantly reduces your liability. Because, you know.. as soon as you start messing with someone's PC, you suddenly become the scapegoat for all of their problems.

If you provide enough support to your users, and enforce some consequences for endangering the rest of the network, I bet you'll find 95%+ of your users will gladly play along. Also be ready to address the loud minority.. use those opportunities to reinforce your position.

Dan Roberts
Senior Systems Programmer
Administrative Computing Services
Kent State University
330-672-5373
ddrobert () kent edu

---- Original Message ----
Date: Fri, 12 Sep 2003 12:03:49 -0500
Reply-To: The EDUCAUSE Security Discussion Group Listserv

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.