Home
Calendar
Certifications
Columns
Features
Forum
Resources
Vitals
Latest Additions
April 2013 Free Giveaway Sponsor - eLearnSecurity
Human Intelligence to Navigate the Security Data Deluge
February 2013 Free Giveaway Winner of SANS CyberCon Training
Interview: Bugcrowd Founders on Herding Ninjas for Crowdsourced Bug Bounties
Network Forensics: The Tree in the Forest
March 2013 Free Giveaway Sponsor - Mile2
Book Review: Violent Python
February 2013 Free Giveaway Sponsor - SANS
Holiday 2012 Free Giveaway Winner of Metasploit Pro by Rapid7
Course Review: SANS FOR408 Computer Forensic Investigations – Windows In-Depth
The Security Consulting Sugar High
Tutorial: Fun with SMB on the Command Line
Interview: Ilia Kolochenko, CEO of High-Tech Bridge
October 2012 Free Giveaway Winner of LearningGate Training
The Broken: Assessing Corporate Security in 2012 to Make a Better 2013
EH-Net Login
Welcome Guest.
Username:
Password:
Remember me
Lost Password?
No account yet?
Register
Who's Online
We have 23 guests online
You are here:
Home
Ethical Hacking Discussions and Related Certifications
Other
Patch Management
EH-Net
May 23, 2013, 08:17:14 AM
Welcome,
Guest
. Please
login
or
register
.
Did you miss your
activation email?
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
News
: Go back to The Ethical Hacker Network Online Magazine
Home Page
Home
Help
Calendar
Login
Register
EH-Net
>
Ethical Hacking Discussions and Related Certifications
>
Other
(Moderator:
don
) >
Patch Management
Pages: [
1
]
Go Down
« previous
next »
Print
Author
Topic: Patch Management (Read 6019 times)
0 Members and 1 Guest are viewing this topic.
Agoonie
Full Member
Offline
Posts: 176
Patch Management
«
on:
January 14, 2010, 11:29:58 AM »
Hello All,
If you guys don't mind, I was wondering if people could share there advice and their experience on patch management. How often they patch their systems, every day, week, quarter, etc? What tools they use and their experiences with those tools? Whether they concentrate on critical patches instead installing all patches?
Thanks in advance.
Logged
OSCE, OSCP, OSWP, CISSP, GPEN
www.agoonie.com
kennut
Newbie
Offline
Posts: 46
CISA, C|EH, CISM
Re: Patch Management
«
Reply #1 on:
January 15, 2010, 03:28:38 AM »
hello,
normally we suggest them to test the patches first before applying them. It would be good if they are tested in a test server (if they have spare servers).
In addition, critical patches should be checked with the vendor first (assuming you have some applications running above the O/S, therefore, it's good to ask them before applying, otherwise, you may have problems like blue screen or some services not running etc. (Bear in mind, all IT Dept will not do the patch because they'll say, if it's not broken, why fix it, (meaning, they're scared if things goes down, so give them OT to work on the recovery.....), however, the should get the approval or rationale for patching/not patching the updates etc.
Also document the patches before/after, so you got a trail on that. and of course all patches should be approved by the management.
Thanks.
Logged
Done all 3 certs, now going for CISSP.....
unsupported
Sr. Member
Offline
Posts: 318
Unofficial Newbie Moderator
Re: Patch Management
«
Reply #2 on:
January 15, 2010, 05:53:20 AM »
A certain company I may or may not be familiar with, has used various patch management tools, from rolling our own, Bladelogic, Patchlink, and SMS for OS and common applications Before any system is deployed, there is a risk assessment done on it, part of which involves a miniumum level of patching.
We patch the week following M$ Patch Tuesday. I believe other applications are caught in our defense in depth strategy of vulnerability scanning. If there is a known high or medium level vulnerability with an associated patch, then it is applied. (Unless it is a business critical application and nobody wants to take the blame for something going wrong)
It helps that there are corporate policies in place which outline that patch management must be performed on a regular basis, it's up to the individual areas to figure it out for themselves.
Logged
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
dalepearson
Sr. Member
Offline
Posts: 357
Re: Patch Management
«
Reply #3 on:
January 21, 2010, 09:43:30 AM »
In my opinion this really depends on the environment you are working in, the type of business you conduct and the methods used.
If you can share some more information, perhaps in a generic way, you can get some more targeted responses.
Ultimately its going to come down to the risk appetite of the business, how the organisation is structured, segmentation of the infrastructure, testing capabilities and budget.
Patch management is still something that so many organisations fail to do well, but at the same time it can be very simple.
Look forward to hearing more from you.
Logged
:: Subliminal Hacking ::
/
:: Security Active Blog ::
Agoonie
Full Member
Offline
Posts: 176
Re: Patch Management
«
Reply #4 on:
January 22, 2010, 07:47:18 AM »
Thank you everyone for the replies. I agree that patch management depends on the policies of the organization. I thought it was a good question to ask the community since it is such an important procedure for an organization with a security conscience. I know companies have different ways and applications of accomplishing it. I have seen SMS, shavlik, WSUS, Altiris, BigFix, etc. I was wondering if anyone was partial to one of them and why?
Also, I have seen people argue how often it should be done due to the testing required to install patches. Personally, I think once testing is done, you can install all tested patches. You never know if a low priority patch can be used for a higher vulnerability.
That is why I just wanted to see how other security minded people handled the task. Also, I think VMware is perfect for patch management because of snapshot. It is faster than using Ghost or Clonezilla.
Again, I want to say thanks for the comments.
Logged
OSCE, OSCP, OSWP, CISSP, GPEN
www.agoonie.com
dalepearson
Sr. Member
Offline
Posts: 357
Re: Patch Management
«
Reply #5 on:
January 26, 2010, 08:19:44 AM »
Personally I think WSUS is a good solution if your a Windows shop, however what ever works for the organisation is a good way to proceed.
I agree a VM environment can provide an excellent platform for multiple testing, rollbacks, etc a breeze, however I have seen on the odd occasion hardware issues with patching, so there is sometimes value in hardware based testing, especially if you have adopted standard hardware and this isnt a huge amount of devices.
Security Patching is important, however many organisations still do not treat it with the attention it deserves. Keeps us in a job though
Logged
:: Subliminal Hacking ::
/
:: Security Active Blog ::
Pages: [
1
]
Go Up
Print
« previous
next »
Jump to:
Please select a destination:
-----------------------------
EH-Net
-----------------------------
=> Calendar Of Events
===> ChicagoCon 2007
===> ChicagoCon 2008s
===> ChicagoCon 2008f
===> ChicagoCon 2009s
=> Ethical Hacktivism
=> News Items and General Discussion About EH-Net
===> Greetings
=> Special Events
-----------------------------
Ethical Hacking Discussions and Related Certifications
-----------------------------
=> General Certification
===> Networking
===> OS
===> Security
=> Compliance, Regulations & Standards
=> Control Systems
=> Cyber Warfare
=> Forensics
===> CCE / MCCE - (Master) Certified Computer Examiner
===> CHFI - Computer Hacking Forensic Investigator
===> EnCE - EnCase® Certified Examiner
===> GCFA - GIAC Certified Forensics Analyst
=> Hardware
=> Incident Response
===> CSIH - Computer Security Incident Handler
===> GCIH - GIAC Certified Incident Handler
=> Malware
===> Advisories
=> Mobile
=> Network Pen Testing
===> CEH - Certified Ethical Hacker
===> CPTC - Certified Penetration Testing Consultant
===> CPTE - Certified Penetration Testing Engineer
===> CSTA - Certified Security Testing Associate
===> eCPPT - eLearnSecurity Certified Professional Penetration Tester
===> ECSA - EC-Council Certified Security Analyst
===> GPEN - GIAC Certified Penetration Tester
===> OSCP - Offensive Security Certified Professional
=> Physical Security
=> Programming
=> Social Engineering
=> Web Applications
=> Wireless
===> CWNP Certs
===> GAWN - GIAC Assessing Wireless Networks
===> OSWP - Offensive Security Wireless Professional
=> Other
-----------------------------
Columns
-----------------------------
=> Editor-In-Chief
=> Andress
=> Gates
=> Haddix
=> Hadnagy
=> Heffner
=> Hoffman
=> Linn
=> RichM
=> Murray
=> J. Peltier
=> Weidman
=> Wilson
-----------------------------
Features
-----------------------------
=> /root
=> Book Reviews
=> Opinions
=> Skillz
===> Examples
===> May 06 - Star Hacks, Episode V: The Empire Hacks Back
===> July 06 - Hack Bill!
===> Sept 06 - Netcat in the Hat
===> Nov 06 - Hitch-Hackers Guide to the Galaxy
===> Dec 06 - A Christmas (Hacking) Story
===> Feb 07 - Charlottes Web Site
===> April 07 - Microsoft Office Space
===> June 07 - Serenity Hack
===> Oct 07 - Worst. Ethical. Hacker. Challenge. Ever.
===> Dec 07 - Frosty the Snow Crash
===> March 2008 - It Happened One Friday
===> Oct 2008 - Scooby Doo and the Crypto Caper
===> Dec 08 - Santa Claus Is Hacking to Town
===> Feb 2009 - Brady Bunch Boondoggle
===> July 2009 - Prison Break
===> October 2009 - SSHliders
===> December 2009 - Miracle on Thirty-Hack Street
===> December 2010 - The Nightmare Before Charlie Browns Christmas
-----------------------------
Resources
-----------------------------
=> Career Central
===> Looking For Work
===> Looking To Hire
=> Links to cool sites.
=> Mass Media
=> News from the Outside World
=> Tools
=> Tutorials
===> Tutorial Requests
Loading...
Exclusive Deal
SANSFIRE 2013
June 15 - 22
5% Off
w/ Code
:
EHN_5
SANS Deals 4 EH-Netters
5% OFF
Any
SANS Course
in Any Format!
Coupon Code:
EHN_5
Including
SANS Rocky Mountain 2013
&
SANS Boston 2013
Polls
Compared to this year, 2013 will be:
Great!
Better.
About the same.
Little worse.
FUBAR!
Recent Forum Topics
GCIH - GIAC Certified Incident Handler
: Passed my GCIH
(2) by
n37sh@rk
GCIH - GIAC Certified Incident Handler
: GCIH Free Practice test attempt
(0) by
prats84
News Items and General Discussion About EH-Net
: Change is Coming to EH-Net!!
(27) by
don
Greetings
: Hi from the UK
(2) by
n37sh@rk
Network Pen Testing
: AIX Vulnerability Assessments
(2) by
ras76
Tutorials
: Need guidance
(9) by
hanyhasan
Programming
: Finished Python Course in Codecademy now what?
(15) by
hanyhasan
Network Pen Testing
: Ruby on Rails Vulnerabilities / Attacks in BackTrack 5 r3
(0) by
SUdoctstudent
Network Pen Testing
: De-ICE 1.140 released!
(2) by
superkojiman
General Certification
: CPT Practical Submission
(1) by
UNIX
OSCP - Offensive Security Certified Professional
: Failed my first attempt at the OSCP exam
(94) by
azmatt
Tools
: Social-Engineer Toolkit (SET) Version 5.0 “The Wild West” Released
(2) by
m0wgli
Malware
: EICAR?
(3) by
UKSecurityGuy
Advisories
: HTB23154: Multiple Vulnerabilities in Exponent CMS
(0) by
AndyP
Advisories
: HTB23153: Multiple Vulnerabilities in Jojo CMS
(0) by
AndyP
Advisories
: HTB23151: Cross-Site Request Forgery (CSRF) in UMI.CMS
(0) by
AndyP
OSCP - Offensive Security Certified Professional
: Class Scheduled 6/8 - Linux n00b
(7) by
Taemyks
OSCP - Offensive Security Certified Professional
: OSCP exam scheduled
(6) by
gbhat
Incident Response
: LinkedIn Forensics
(0) by
AFENTIS_Forensics
General Certification
: Red Team/Blue Team
(1) by
ajohnson
Career Central
: Starter cert?
(3) by
Grendel
Network Pen Testing
: Beginner Ethical Hacker
(1) by
m0wgli
EH-Net News Feeds
Latest Additions
Privacy Notice
for TDCC & All Properties
© 2013 The Ethical Hacker Network
Joomla!
is Free Software released under the GNU/GPL License.
GCIH - GIAC Certified Incident Handler : Passed my GCIH
