Educause Security Discussion mailing list archives
Re: Automated Patching and Updates?
From: Ariel Silverstone <ariel.silverstone () TEMPLE EDU>
Date: Thu, 25 Sep 2003 12:01:47 -0400
Temple University has embarked on an effort to find a solution to patch-manage all of our machines (or the great majority of those). We have identified a need for a unified control center to address tools from W98-W2K, Unix (many flavors) and Macs. We are contacting about 30(!) vendors to start a comparison, and will welcome all offers of product lines, technical assistance, war stories and offers of physical help. Thank you, Ariel Silverstone Chief Information Security Officer Temple University -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christian Grewell Sent: Thursday, September 25, 2003 10:45 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Automated Patching and Updates? Just a quick question for the list. Is there anyone out there evaluating or using SMS (systems management server) for the purpose of 'pushing' both security patches and/or application updates? True, there's quite a bit of overhead compared with SuS - plus there's the need to login to a domain for advanced security features. It's *possible* to use certain features using standard windows auth. In SMS, but then you run into scalability issues. SuS does seem like a glorified windows update client, though I like the ability to approve updates - the logs are a bit cryptic, but those can be parsed to show what machines *downloaded* the patch - but you still can't be 100% sure that the patch was successfully applied. I'm just afraid it would still mean going out to the client machines in a time of crisis. I'd be interested in hearing what anyone thinks the advantages and disadvantages are using SuS. Thanks! Christian Grewell Information Technology Services New York University christian () nyu edu -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Craig W. Drake Sent: Thursday, September 25, 2003 10:35 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Automated Patching and Updates?
From what I have read, it is supposed to be permanent.
Craig W. Drake Windows NT/2000 Server Administrator Networking and Distributed Services Northeastern Illinois University Phone: (773)442-4386 Email: c-drake () neiu edu -----Original Message----- From: Bradford B. Saul [mailto:saulbb () JMU EDU] Sent: Thursday, September 25, 2003 9:34 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Automated Patching and Updates? Any idea if this is permanent or just a point in time due to the current issues.... Brad
Microsoft recently added (without any forwarning) W2kSP4 and XPsp1 in their SUS updates. -----Original Message----- From: Bradford B. Saul [mailto:saulbb () JMU EDU] Sent: Thursday, September 25, 2003 10:16 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Automated Patching and Updates? Just a side note on the SUS Server. How are schools that are using the SUS server handling Service Packs? From what I understand SUS does not support the distribution of Service Packs, and if the user has altered their registry to point to SUS.college.edu they will not be notified of Service Pack availability. Brad ----------------------------------- Bradford B. Saul Lead Network Engineer IT - Network Engineering Hoffman Hall Room 10, MSC 1401 James Madison University Harrisonburg, VA 22807 V: (540) 568-2379 F: (540) 568-1696 M: (540) 435-3079 saulbb () jmu edu-----Original Message----- From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] Sent: Thursday, September 25, 2003 8:20 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Automated Patching and Updates? Given all of the recent worm activity, etc., it seems timely to gathersomeinformation from you folks regarding what you are already doing - or planning to do - in terms of pushing updates and patches out to your user communities in a way that is not too "intrusive". We all work in
diverse environments where many of our users are also sensitive to having someone else "touch" their machines. Yet it seems a losing battle to continue to manually update workstations in some areas when
they are beingautomaticallyattacked in very sophisticated ways. Can you folks please share with us: 1) What you are already doing now - in terms of pushing or automating patching or updates? 2) What you are evaluating or looking at for doing this kind of thing -andin what areas of your environment? 3) What technologies you are familiar with and what platforms thesolutionssupport? Thanks much! I am willing to summarize the input I receive if I get enough good feedback... Connie J. Sadler, CM, CISSP, CISM Director, IT Security, Brown University Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu PGP Fingerprint: 452A C178 1450 9CE1 3AC1 CC12 956F 2C55 DB94 A9C7 Office: 401-863-7266 ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE DiscussionGroupdiscussion list can be found at http://www.educause.edu/cg/.----------------------------------- Bradford B. Saul Lead Network Engineer IT - Network Engineering Hoffman Hall Room 10, MSC 1401 James Madison University Harrisonburg, VA 22807 V: (540) 568-2379 F: (540) 568-1696 M: (540) 435-3079 saulbb () jmu edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
----------------------------------- Bradford B. Saul Lead Network Engineer IT - Network Engineering Hoffman Hall Room 10, MSC 1401 James Madison University Harrisonburg, VA 22807 V: (540) 568-2379 F: (540) 568-1696 M: (540) 435-3079 saulbb () jmu edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Automated Patching and Updates?, (continued)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Ron Parker (Sep 25)
- Re: Automated Patching and Updates? Tavakoli, Rooz (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Wehner, Paul (wehnerpl) (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Christian Grewell (Sep 25)
- Re: Automated Patching and Updates? Beechey, Jim (Sep 25)
- Re: Automated Patching and Updates? Joanne Murray (Sep 25)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 25)
- Re: Automated Patching and Updates? Brian Reilly (Sep 25)
- Re: Automated Patching and Updates? Bruce Purcell (Sep 25)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 26)
- Re: Automated Patching and Updates? F.M. Taylor (Sep 26)
- Re: Automated Patching and Updates? Christian Grewell (Sep 26)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 26)
- Re: Automated Patching and Updates? Wehner, Paul (wehnerpl) (Sep 26)
- Re: Automated Patching and Updates? Bruce Purcell (Sep 26)