Educause Security Discussion mailing list archives

Re: Automated Patching and Updates?

From: Ariel Silverstone <ariel.silverstone () TEMPLE EDU>
Date: Thu, 25 Sep 2003 12:01:47 -0400

Temple University has embarked on an effort to find a solution to
patch-manage all of our machines (or the great majority of those).

We have identified a need for a unified control center to address tools from
W98-W2K, Unix (many flavors) and Macs.

We are contacting about 30(!) vendors to start a comparison, and will
welcome all offers of product lines, technical assistance, war stories and
offers of physical help.


Thank you,

Ariel Silverstone
Chief Information Security Officer
Temple University

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Christian Grewell
Sent: Thursday, September 25, 2003 10:45 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Automated Patching and Updates?

Just a quick question for the list.

Is there anyone out there evaluating or using SMS (systems management
server) for the purpose of 'pushing' both security patches and/or
application updates? True, there's quite a bit of overhead compared with
SuS - plus there's the need to login to a domain for advanced security
features. It's *possible* to use certain features using standard windows
auth. In SMS, but then you run into scalability issues.

SuS does seem like a glorified windows update client, though I like the
ability to approve updates - the logs are a bit cryptic, but those can
be parsed to show what machines *downloaded* the patch - but you still
can't be 100% sure that the patch was successfully applied. I'm just
afraid it would still mean going out to the client machines in a time of
crisis.

I'd be interested in hearing what anyone thinks the advantages and
disadvantages are using SuS.

Thanks!

Christian Grewell
Information Technology Services
New York University
christian () nyu edu




-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Craig W. Drake
Sent: Thursday, September 25, 2003 10:35 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Automated Patching and Updates?

From what I have read, it is supposed to be permanent.



Craig W. Drake
Windows NT/2000 Server Administrator
Networking and Distributed Services
Northeastern Illinois University
Phone: (773)442-4386
Email: c-drake () neiu edu



-----Original Message-----
From: Bradford B. Saul [mailto:saulbb () JMU EDU]
Sent: Thursday, September 25, 2003 9:34 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Automated Patching and Updates?


Any idea if this is permanent or just a point in time due to the current
issues....

Brad

Microsoft recently added (without any forwarning) W2kSP4 and XPsp1 in
their SUS updates.

-----Original Message-----
From: Bradford B. Saul [mailto:saulbb () JMU EDU]
Sent: Thursday, September 25, 2003 10:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Automated Patching and Updates?

Just a side note on the SUS Server.  How are schools that are using
the SUS server handling Service Packs?  From what I understand SUS
does not support the distribution of Service Packs, and if the user
has altered their registry to point to SUS.college.edu they will not
be notified of Service Pack availability.

Brad
-----------------------------------
Bradford B. Saul
Lead Network Engineer
IT - Network Engineering
Hoffman Hall Room 10, MSC 1401
James Madison University
Harrisonburg, VA 22807
V: (540) 568-2379
F: (540) 568-1696
M: (540) 435-3079
saulbb () jmu edu

-----Original Message-----
From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU]
Sent: Thursday, September 25, 2003 8:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Automated Patching and Updates?


Given all of the recent worm activity, etc., it seems timely to
gather

some

information from you folks regarding what you are already doing - or
planning to do - in terms of pushing updates and patches out to your
user communities in a way that is not too "intrusive". We all work in

diverse environments where many of our users are also sensitive to
having someone else "touch" their machines. Yet it seems a losing
battle to continue to manually update workstations in some areas when

they are being

automatically

attacked in very sophisticated ways.

Can you folks please share with us:

1)  What you are already doing now - in terms of pushing or
automating patching or updates?

2)  What you are evaluating or looking at for doing this kind of
thing -

and

in what areas of your environment?

3)  What technologies you are familiar with and what platforms the

solutions

support?

Thanks much! I am willing to summarize the input I receive if I get
enough good feedback...

Connie J. Sadler, CM, CISSP, CISM
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
PGP Fingerprint: 452A C178 1450 9CE1 3AC1  CC12 956F 2C55 DB94 A9C7
Office: 401-863-7266

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE
Discussion

Group

discussion list can be found at http://www.educause.edu/cg/.


-----------------------------------
Bradford B. Saul
Lead Network Engineer
IT - Network Engineering
Hoffman Hall Room 10, MSC 1401
James Madison University
Harrisonburg, VA 22807
V: (540) 568-2379
F: (540) 568-1696
M: (540) 435-3079
saulbb () jmu edu

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
http://www.educause.edu/cg/.


-----------------------------------
Bradford B. Saul
Lead Network Engineer
IT - Network Engineering
Hoffman Hall Room 10, MSC 1401
James Madison University
Harrisonburg, VA 22807
V: (540) 568-2379
F: (540) 568-1696
M: (540) 435-3079
saulbb () jmu edu

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

Re: Automated Patching and Updates?, (continued)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Ron Parker (Sep 25)
- Re: Automated Patching and Updates? Tavakoli, Rooz (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Wehner, Paul (wehnerpl) (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Christian Grewell (Sep 25)
- Re: Automated Patching and Updates? Beechey, Jim (Sep 25)
- Re: Automated Patching and Updates? Joanne Murray (Sep 25)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 25)
- Re: Automated Patching and Updates? Brian Reilly (Sep 25)
- Re: Automated Patching and Updates? Bruce Purcell (Sep 25)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 26)
- Re: Automated Patching and Updates? F.M. Taylor (Sep 26)
- Re: Automated Patching and Updates? Christian Grewell (Sep 26)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 26)
- Re: Automated Patching and Updates? Wehner, Paul (wehnerpl) (Sep 26)
- Re: Automated Patching and Updates? Bruce Purcell (Sep 26)