Educause Security Discussion mailing list archives
Change Management [was:RE: Windows Patch Management]
From: "Anderson, Kelly" <kjanders () UMICH EDU>
Date: Mon, 11 Dec 2006 09:49:08 -0500
Good Morning List, We have a documented patch management plan for our services. Since we do not manage workstations (except our own), we manually apply patches after a risk assessment of each patch is done by yours truly. All patches eventually get applied, critical patches get applied within 24 hours or less, less critical patches sometimes wait until the next maintenance/outage period for that server. I'd be happy to share my plan - just send me a private message. However, I'm wondering if any of you have a formal procedure/format you follow for change management. I am looking for an efficient way to approve and document changes. We do not want to be bogged down with procedures and review committees, we just need something quick and concise. Right now we keep a calendar on our Exchange system to which we add all change events. That seems to work for the documentation part, but I'd like some more thoughts on the approval/review process before the change happens. Sorry that this question sounds a bit vague...I'm looking for ideas. Thanks! Kelly Jo Anderson University of Michigan kjanders (at) umich (dot) edu ________________________________ From: Rose, Ryan [mailto:Ryan.Rose () UNCO EDU] Sent: Thu 12/7/2006 9:18 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Windows Patch Management Zeb, Good point, the change management forms and preparation is what takes the most time and causes the most angst. We use WSUS for our workstation environment, but due to some inadvertent installations and reboots we have stayed away from the servers. Thanks for the feedback, Ryan -----Original Message----- From: Bowden, Zeb [mailto:zbowden () VT EDU] Sent: Thursday, December 07, 2006 6:49 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Windows Patch Management We're using WSUS to distribute and approve the updates for our servers and have found this saves quite a bit of time. It's also pretty flexible and has decent reporting for patch status and verification. Is it the actual patching that's taking so much time and driving your admins crazy or is it the preparation for the patching (backups, testing, verification, etc)? Zeb Bowden zbowden () vt edu -----Original Message----- From: Rose, Ryan [mailto:Ryan.Rose () UNCO EDU] Sent: Wednesday, December 06, 2006 5:12 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Windows Patch Management Greetings, I'm curious how other institutions are conducting Windows Server Patch Management. Currently we are testing the patches in our test environment for the week following the release date. We then roll-out the updates to all productions servers over the following weekend within our maintenance windows. This takes an amazing amount of time, we believe it is best to stick to a monthly schedule but our sys admins are going crazy. Any suggestions or thoughts around this issue. Thanks in advance, Ryan
Current thread:
- Change Management [was:RE: Windows Patch Management] Anderson, Kelly (Dec 11)