Educause Security Discussion mailing list archives

Re: Automated Patching and Updates?

From: Ron Parker <rparker () BRAZOSPORT EDU>
Date: Thu, 25 Sep 2003 07:35:36 -0500

In answer to your questions below:

1) We're using Microsoft's Software Update Service (SUS) to push patches
out to our XP desktops from our own update server. This is just a
glorified version of the Windows update service built into XP but it lets
us have some control over what gets pushed and when. We use a group policy
to force the patch installation and a reboot if necessary. Unfortunately,
a large part of our campus is still on Windows 98 so this doesn't help us
as much it could. We are accelerating our push to convert completely to
XP. This also doesn't work in our labs where we use Deep Freeze to revert
the machines back to their initial state when they reboot.

2) We aren't really looking at anything else at the moment.

3) The above solution works for XP and Windows 2000 but not Windows 98.

--
Ron Parker, Director of Information Technology, Brazosport College
Voice: (979) 230-3480             FAX: (979) 230-3111
http://www.brazosport.edu


On Thu, 25 Sep 2003, Sadler, Connie wrote:

Given all of the recent worm activity, etc., it seems timely to gather
some information from you folks regarding what you are already doing -
or planning to do - in terms of pushing updates and patches out to your
user communities in a way that is not too "intrusive". We all work in
diverse environments where many of our users are also sensitive to
having someone else "touch" their machines. Yet it seems a losing battle
to continue to manually update workstations in some areas when they are
being automatically attacked in very sophisticated ways.

Can you folks please share with us:

1)  What you are already doing now - in terms of pushing or automating
patching or updates?

2)  What you are evaluating or looking at for doing this kind of thing -
and in what areas of your environment?

3)  What technologies you are familiar with and what platforms the
solutions support?

Thanks much! I am willing to summarize the input I receive if I get
enough good feedback...

Connie J. Sadler, CM, CISSP, CISM
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
PGP Fingerprint: 452A C178 1450 9CE1 3AC1  CC12 956F 2C55 DB94 A9C7
Office: 401-863-7266

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.


**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Automated Patching and Updates? Sadler, Connie (Sep 25)
- <Possible follow-ups>
- Re: Automated Patching and Updates? Ron Parker (Sep 25)
- Re: Automated Patching and Updates? Howell, Paul (Sep 25)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Ron Parker (Sep 25)
- Re: Automated Patching and Updates? Tavakoli, Rooz (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Wehner, Paul (wehnerpl) (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Christian Grewell (Sep 25)
- Re: Automated Patching and Updates? Beechey, Jim (Sep 25)

(Thread continues...)