HomeCalendarCertificationsColumnsFeaturesForumResourcesVitals
 
Image
 
linkedin_logo.png rss_logo.jpg
twitter_logo.png youtube_logo.jpg
Latest Additions
 
EH-Net Login
Welcome Guest.
Lost Password?
No account yet? Register
Who's Online
We have 77 guests and 1 member online
EH-Net News Feeds
Latest Additions
 
Advertisement

You are here: Home arrow Forum arrow Ethical Hacking Discussions and Related Certificationsarrow Otherarrow Patch Management Strategy
EH-Net
May 26, 2012, 07:24:48 AM *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: Advertise on EH-Net!! - Reasonable Rates, Highly Targeted Audience.
 
   Home   Help Calendar Login Register  
Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Patch Management Strategy  (Read 1174 times)
0 Members and 2 Guests are viewing this topic.
l33t5h@rk
Guest
« on: October 05, 2011, 10:13:51 PM »
SANS ISC put up an article about a month ago I've been meaning to discuss. It questions the current paradigm of patch management in today's world and its surplus of updates. Has anyone seen a general change in the strategy of patch management at their organizations?

Link to article here:
http://isc.sans.edu/diary.html?storyid=11527&rss
Logged
cd1zz
Sr. Member
****
Offline Offline

Posts: 393


View Profile WWW
« Reply #1 on: October 05, 2011, 10:59:57 PM »
The biggest change I've seen is that critical testing has only held true on mission critical boxes. We basically push out updates quickly to the users, including all third party apps. Still use a small test group but the vetting process is much less extensive than it used to be. I totally agree with the article that its probably riskier to wait to patch than to risk blowing up their PCs. It just doesn't seem to happen that often anymore.

However, in very large organizations this strategy could be dangerous. If you blew up 20K PCs with one update, you'd probably have a bigger problem on your hands!
Logged
OSCE | OSCP | OWSP | CISSP
http://www.pwnag3.com
http://www.networkadminsecrets.com
SephStorm
Sr. Member
****
Offline Offline

Posts: 416


View Profile WWW
« Reply #2 on: October 06, 2011, 08:01:38 AM »
From what i've seen, patch management defiantly doesn't follow the official party path of testing and release. From what i've seen, patch management means ineffective software solutions, and no enforcement of policies.  Cool
Logged
Support my hactivities.
http://www.cafepress.com/TRUEHacker
l33t5h@rk
Guest
« Reply #3 on: October 06, 2011, 08:27:53 PM »
Thanks for the replies. I am starting to make a push for more frequent updates in our non-production regions but sticking with the regular schedule (monthly) in production.
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.16 | SMF © 2011, Simple Machines
Joomla Bridge by JoomlaHacks.com 		Valid XHTML 1.0! Valid CSS!
Page created in 0.257 seconds with 21 queries.
 

gk_static-ad_feb2012.jpg
Global Knowledge: Build Security Skills to Protect & Defend

els_130x200fixed2.gif
eLearnSecurity Student Course Now Live!
5% Off with Code
ELS-EH-5

SANS Deals 4 EH-Netters
$150 OFF Any SANS Course in Any Format!
Coupon Code: EHN_Connect Including SANS Security West 2012 & SANSFIRE 2012
Recent Forum Topics

cbtnuggets_logo_125.jpg
Try CBT Nuggets Free!

Vote For EH-Net

Add to Technorati Favorites
technorati fave

 
         
Advertisement

© 2012 The Ethical Hacker Network
Joomla! is Free Software released under the GNU/GPL License.