Security Basics mailing list archives
Re: Patching internet facing MS systems
From: evilwon () yahoo com
Date: 11 Mar 2008 14:42:01 -0000
Dan, IMO, I would not allow the machines to join the domain to utilize SMS. This would just give attackers another potential avenue into your corporate network. If you choose to allow outbound connections to Microsoft, I would still make sure that you manually patch the machines. I have had automatic updates bite me one too many times to allow it to automatically patch & reboot systems for me. I state this with the assumption that these servers are in the DMZ for a reason and you want them to have as much uptime as possible. While sneaker-net stinks, there are worse possible outcomes. If you wanted to open up access to Microsoft, what about working with the people who manage the firewalls and only open up outside access to Microsoft during scheduled periods when the patches will be applied?