Educause Security Discussion mailing list archives
Re: Microsoft Security Bulletins
From: Michael Halm <Michael.Halm () CCMAIL NEVADA EDU>
Date: Wed, 15 Oct 2003 14:27:19 -0700
Here we send out an e-mail alert on patches we consider critical to network security. We send out a second notice a week later. 10 days more or less (depending on whether an exploit is in the wild) we put up a redirect server on outgoing port 80. We scan every half hour and create a list of unpatched hosts. When the users of these hosts try to go to a web page, they are redirected to our page that explains the importance of the patch and has a link to instructions and download for the patch. At first, we give them an option to click through the page and continue to surf. After a few days, they cannot click through until five or ten minutes have elapsed. After a few more days, an hour. And finally, they cannot get www access out until they patch. This method usually gets all but a few dozen to patch. Those few dozen we hunt down. Michael Halm Network Operations Center University of Nevada Las Vegas 4505 Maryland Parkway Las Vegas Nv 89154 702-895-0726 "Walsh, Brian R. (Information Services)" <brwal () CONNCOLL EDU> Sent by: The EDUCAUSE Security Discussion Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> 10/15/2003 02:14 PM Please respond to The EDUCAUSE Security Discussion Group Listserv To: SECURITY () LISTSERV EDUCAUSE EDU cc: Subject: [SECURITY] Microsoft Security Bulletins Microsoft has just sent out two "Security Bulletin Summaries". One for Exchange Server and one for Windows (although they messed up the subject on the second one). They also included a link in both messages that doesn't work. Otherwise these messages look legit. It looks like this is one of the ways they are trying to be more responsive to newly identified security vulnerabilities. The Windows updates are being handled here by Software Update Server but we are struggling with how to communicate the importance of installing critical updates to students. How are you dealing with this? I also noticed that MS now has a free support line for security patches 1-866-PCSAFETY. Has anyone used this? Is this somethging we should pass along to students? Brian Walsh Information Security Officer Connecticut College ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/cg/.
Current thread:
- Microsoft Security Bulletins Walsh, Brian R. (Information Services) (Oct 15)
- <Possible follow-ups>
- Re: Microsoft Security Bulletins Michael Halm (Oct 15)
- Re: Microsoft Security Bulletins Marty Hoag (Oct 15)
- Re: Microsoft Security Bulletins H. Morrow Long (Oct 16)