Security Basics mailing list archives
RE: Patching
From: "wbradd" <wbradd () comcast net>
Date: Wed, 22 Oct 2003 19:15:51 -0400
The problem is when auditors come in, if you don't have all the patches listed for an OS, they will write you up even if the system is not accessible except from the terminal.

-----Original Message-----
From: Tran, John [mailto:John.Tran () unisys com]
Sent: Wednesday, October 22, 2003 1:29 PM
To: 'Gunnoe, Jason'; Meritt James; security-basics () securityfocus com
Subject: RE: Patching

I agree with Jason. First there has to be a reason to patch. You should not just go ahead and patch a machine without doing some good analysis.

-----Original Message-----
From: Gunnoe, Jason [mailto:Jason.Gunnoe () thomson com]
Sent: Wednesday, October 22, 2003 9:54 AM
To: Meritt James; security-basics () securityfocus com
Subject: RE: Patching

Mitigation of risk is the key here. Don't patch without reason.

-----Original Message-----
From: Meritt James [mailto:meritt_james () bah com]
Sent: Monday, October 20, 2003 4:38 PM
To: security-basics () securityfocus com
Subject: Re: Patching

On Mon, Oct 20, 2003 at 10:12:29AM +0200, Alessandro Bottonelli wrote:
> A thought has been crossing my mind for a long time, I'd like to
> confront it with the list.
>
> In the "old days" a patch and/or fix was defined as "something that
> closes a known hole and opens ten unknown holes" :-) Yet, literature
> and common practices keep saying we should maintain our systems and
> network appliances up to date with the last patches / software releases.
>
> WHY should I feel safer that way? How can I tell Rev. 1.3 is any better
> (security-wise) than Rev. 1.2? Is the cost (financial and others) of
> change management worth it? If so, how can I measure such worth?
>
> --
> Alessandro Bottonelli

A journey of a thousand miles starts with a single step.

(10,000 - 1) is less than 10,000.

"Safer" is not "safe".

As long as you are thinking, include that in your "why" considerations.

--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566