Educause Security Discussion mailing list archives
Re: Automated Patching and Updates?
From: Bruce Purcell <bpurcell () CSUHAYWARD EDU>
Date: Thu, 25 Sep 2003 21:57:29 -0700
At Cal State Hayward, we are evaluating SMS for that very purpose. We've done some successful tests, but we are not in full production. Note: This is just for Enrollment Services, not the entire university. Overall, we are just starting to look at different vendors. But, as we have a contract with Microsoft and SMS does work (I have used it elsewhere), we've just started going down that route on our own. We are combining SMS with Mcafee's ePolicy Orchestrator. We have a site license for Mcafee VirusScan and Firewall and are implementing ePO to push .dat files and firewall rules. Bruce Purcell Enrollment Services Cal State Hayward -----Original Message----- From: Christian Grewell [ <mailto:christian () NYU EDU> mailto:christian () NYU EDU] Sent: Thursday, September 25, 2003 7:45 AM Subject: Re: Automated Patching and Updates? Just a quick question for the list. Is there anyone out there evaluating or using SMS (systems management server) for the purpose of 'pushing' both security patches and/or application updates? True, there's quite a bit of overhead compared with SuS - plus there's the need to login to a domain for advanced security features. It's *possible* to use certain features using standard windows auth. In SMS, but then you run into scalability issues. SuS does seem like a glorified windows update client, though I like the ability to approve updates - the logs are a bit cryptic, but those can be parsed to show what machines *downloaded* the patch - but you still can't be 100% sure that the patch was successfully applied. I'm just afraid it would still mean going out to the client machines in a time of crisis. I'd be interested in hearing what anyone thinks the advantages and disadvantages are using SuS. Thanks! Christian Grewell Information Technology Services New York University christian () nyu edu -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [ <mailto:SECURITY () LISTSERV EDUCAUSE EDU> mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Craig W. Drake Sent: Thursday, September 25, 2003 10:35 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Automated Patching and Updates?
From what I have read, it is supposed to be permanent.
Craig W. Drake Windows NT/2000 Server Administrator Networking and Distributed Services Northeastern Illinois University Phone: (773)442-4386 Email: c-drake () neiu edu -----Original Message----- From: Bradford B. Saul [ <mailto:saulbb () JMU EDU> mailto:saulbb () JMU EDU] Sent: Thursday, September 25, 2003 9:34 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Automated Patching and Updates? Any idea if this is permanent or just a point in time due to the current issues.... Brad
Microsoft recently added (without any forwarning) W2kSP4 and XPsp1 in
their SUS updates.
-----Original Message-----
From: Bradford B. Saul [ <mailto:saulbb () JMU EDU> mailto:saulbb () JMU EDU]
Sent: Thursday, September 25, 2003 10:16 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Automated Patching and Updates?
Just a side note on the SUS Server. How are schools that are using
the SUS server handling Service Packs? From what I understand SUS
does not support the distribution of Service Packs, and if the user
has altered their registry to point to SUS.college.edu they will not
be notified of Service Pack availability.
Brad
-----------------------------------
Bradford B. Saul
Lead Network Engineer
IT - Network Engineering
Hoffman Hall Room 10, MSC 1401
James Madison University
Harrisonburg, VA 22807
V: (540) 568-2379
F: (540) 568-1696
M: (540) 435-3079
saulbb () jmu edu
-----Original Message-----
From: Sadler, Connie [ <mailto:Connie_Sadler () BROWN EDU>
mailto:Connie_Sadler () BROWN EDU]
Sent: Thursday, September 25, 2003 8:20 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Automated Patching and Updates?
Given all of the recent worm activity, etc., it seems timely to
gather
some
information from you folks regarding what you are already doing - or
planning to do - in terms of pushing updates and patches out to your
user communities in a way that is not too "intrusive". We all work in
diverse environments where many of our users are also sensitive to
having someone else "touch" their machines. Yet it seems a losing
battle to continue to manually update workstations in some areas when
they are being
automatically
attacked in very sophisticated ways.
Can you folks please share with us:
1) What you are already doing now - in terms of pushing or
automating patching or updates?
2) What you are evaluating or looking at for doing this kind of
thing -
and
in what areas of your environment?
3) What technologies you are familiar with and what platforms the
solutions
support?
Thanks much! I am willing to summarize the input I receive if I get
enough good feedback...
Connie J. Sadler, CM, CISSP, CISM
Director, IT Security, Brown University
Box 1885, Providence, RI 02912
Connie_Sadler () Brown edu
PGP Fingerprint: 452A C178 1450 9CE1 3AC1 CC12 956F 2C55 DB94 A9C7
Office: 401-863-7266
**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
<http://www.educause.edu/cg/> http://www.educause.edu/cg/.
**********
Participation and subscription information for this EDUCAUSE
Discussion
Group
discussion list can be found at <http://www.educause.edu/cg/>
http://www.educause.edu/cg/.
-----------------------------------
Bradford B. Saul
Lead Network Engineer
IT - Network Engineering
Hoffman Hall Room 10, MSC 1401
James Madison University
Harrisonburg, VA 22807
V: (540) 568-2379
F: (540) 568-1696
M: (540) 435-3079
saulbb () jmu edu
**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
<http://www.educause.edu/cg/> http://www.educause.edu/cg/.
**********
Participation and subscription information for this EDUCAUSE
Discussion Group discussion list can be found at
<http://www.educause.edu/cg/> http://www.educause.edu/cg/.
----------------------------------- Bradford B. Saul Lead Network Engineer IT - Network Engineering Hoffman Hall Room 10, MSC 1401 James Madison University Harrisonburg, VA 22807 V: (540) 568-2379 F: (540) 568-1696 M: (540) 435-3079 saulbb () jmu edu ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at <http://www.educause.edu/cg/> http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at <http://www.educause.edu/cg/> http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at <http://www.educause.edu/cg/> http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at <http://www.educause.edu/cg/> http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Re: Automated Patching and Updates?, (continued)
- Re: Automated Patching and Updates? Tavakoli, Rooz (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Wehner, Paul (wehnerpl) (Sep 25)
- Re: Automated Patching and Updates? Bradford B. Saul (Sep 25)
- Re: Automated Patching and Updates? Craig W. Drake (Sep 25)
- Re: Automated Patching and Updates? Christian Grewell (Sep 25)
- Re: Automated Patching and Updates? Beechey, Jim (Sep 25)
- Re: Automated Patching and Updates? Joanne Murray (Sep 25)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 25)
- Re: Automated Patching and Updates? Brian Reilly (Sep 25)
- Re: Automated Patching and Updates? Bruce Purcell (Sep 25)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 26)
- Re: Automated Patching and Updates? F.M. Taylor (Sep 26)
- Re: Automated Patching and Updates? Christian Grewell (Sep 26)
- Re: Automated Patching and Updates? Ariel Silverstone (Sep 26)
- Re: Automated Patching and Updates? Wehner, Paul (wehnerpl) (Sep 26)
- Re: Automated Patching and Updates? Bruce Purcell (Sep 26)