What security patch update method is recommended? - ng.asp-net-forum.windows-hosting_open_forum

CodeVerge.Net ^Beta
Explore Item Entry Register Login

Novell Forums

Zone:

> NEWSGROUP > Asp.Net Forum > windows_hosting.hosting_open_forum

Tags:

Item Type:

NewsGroup

Date Entered:

7/14/2004 12:28:07 AM

Date Modified:

Subscribers:

Subscribe Alert

Rate It:

(NR, 0)

XPoints:

N/A

Replies:

Views:

Favorited:

Favorite

Can Reply: No

Members Can Edit: No

Online: Yes

4 Items, 1 Pages 1 |< << Go >> >|

	tatoosarlac
	Asp.Net User

What security patch update method is recommended?

7/14/2004 12:28:07 AM

0/0

Thanks Matthew for the information you sent me. Per your request I am posting the original question to the forums for others to share with.

What Windows security patch update method is recommended for hosters?

	Matthew Boettch
	Asp.Net User

Re: What security patch update method is recommended?

7/15/2004 10:35:51 PM

0/0

Software Update Services is the basic security patch update management method recommended to all hosting services providers for their Windows servers. Current information and download material is available at: http://www.microsoft.com/windowsserversystem/sus/default.mspx

Software Update Services will be re-launched as Windows Update Services in the first half of 2005. In early Winter of this year an Open Evaluation Program will be conducted in conjuction with the Beta 2 version of Windows Update Services. Unlike a closed beta review, everyone who registers for the Open Evaluation Program will be able to evaluate the product.

Windows XP SP2 will have a new Automatic Updates agent included. I do not know at this time any information on an updated agent for the server operating systems, but would assume that one would be release by if not with the final version of Windows Update Services.

There will be a migration toolkit included with Windows Update Services to upgrade all users of Software Update Services, so if you have been holding off on implementing Software Update Services we encourage you to go ahead and implement it now. For your basic security operations you should at least have your servers configured to download updates from the Windows Update Web site and installed at a scheduled time of night.

Matthew Boettcher
Web Platform Technical Evangelist (Hosting)
Developer & Platform Evangelism Division (DPE)
Europe, Middle East, and Africa Region (EMEA)
Microsoft Corporation

	qbernard
	Asp.Net User

Re: What security patch update method is recommended?

7/19/2004 2:04:08 AM

0/0

Try http://www.patchmanagement.org as well.

Cheers,
Bernard Cheah

	jjstreic
	Asp.Net User

Re: What security patch update method is recommended?

7/22/2004 5:47:36 PM

0/0

It?s really tough to recommend any specific patch method without understanding what the requirements and limitations are. I?m not trying to skirt the answer, this is just how it is. What I can do is kind of lay out what the different methods of patching are and where they are applicable.

There are 4 main methods of patching Windows systems.

1) Manual patching
Let?s be real, this isn?t an option

2) Windows Update Client and/or SUS
This solution is probably the most flexible, especially with the inclusion of SUS (Software Update Services). The setup of SUS is very well documented here:
http://download.microsoft.com/download/c/d/8/cd8ac959-37a8-4e5b-860a-465b179984af/SUS_Deployguide_sp1.doc

This is great as once you test your patches you can have all your configured clients update in one shot.

SUS does not require all the client machines to be in AD. Having AD is very helpful as one can use Group Policy to configure the clients. There are, however, scripts that can be run to configure non-domain clients to use SUS.

One thing to be aware of is that if you have multiple classes of systems that require different patches you will have to have a SUS server for each different set of clients. This limitation is being overcome with the upcoming SUS2.0 (Windows Update Server). I personally am eagerly waiting for this software!

3) SMS
SMS can do much more than simple patch management and but it does do a pretty good job of it. More info on SMS can be found here: http://www.microsoft.com/smserver/default.asp

4) 3rd party patching solutions
Lots and lots of these out there. I have heard good things about PatchLink but I have not used this personally. Perhaps others can comment on this.

I use SUS for most everything and I have found it to be the most flexible and cost effective method in my environment. How well this will work in your shop I can't say.

Does this help? If you need more information please let me know.

Thanks

Technical Account Manager
Microsoft Communication Sector North America
This posting is provided "AS IS" with no warranties, and confers no rights. Script samples are subject to the terms at http://www.microsoft.com/info/cpyright.htm"

4 Items, 1 Pages 1 |< << Go >> >|

Free Download:

Books:

Windows XP All-in-One Desk Reference For Dummies Authors: Woody Leonhard, Pages: 816, Published: 2004

Information Security Management Handbook Authors: Harold F. Tipton, Micki Krause, Pages: 3231, Published: 2007

How to Cheat at Designing Security for a Windows Server 2003 Network: The Windows Server 2003 Security Guide Authors: Rob Amini, Chris Peiris, Elias N. Khnaser, Laura E. Hunter, Susan Snedaker, Pages: 575, Published: 2006

Hardening Network Infrastructure: Bulletproof Your Systems Before You are Hacked! Authors: Wesley J. Noonan, Pages: 552, Published: 2004

Information Security Management, Education and Privacy: IFIP 18th World Computer Congress : TC11 19th International Information Security Workshops, 22-27 August 2004, Toulouse, France Authors: Yves Deswarte, Frederic Cuppens, Sushil Jajodia, Lingyu Wang, Pages: 314, Published: 2004

Hardening Network Security: Network Security Authors: John Mallery, Jason Zann, Patrick Kelly, Wesley Noonan, Paul Love, Eric S. Seagren, Rob Kraft, Mark O'Neill, Pages: 593, Published: 2005

Citrix Access Security for IT Administrators Authors: Citrix Product Development Team, Citrix Product Development Team, Citrix Engineering Team, Pages: 268, Published: 2006

Applied Cryptography and Network Security: 6th International Conference, ACNS 2008, New York, NY, USA, June 3-6, 2008, Proceedings Authors: Steven M. Bellovin, Pages: 508, Published: 2008

Real World Linux Security: Intrusion Prevention, Detection, and Recovery Authors: Bob Toxen, Pages: 810, Published: 2003

Cyber Warfare and Cyber Terrorism Authors: Lech J. Janczewski, Andrew M. Colarik, Pages: 532, Published: 2008

Web:
Outlook 2002 Security Patch: KB828040 - Office XP Resource Kit ... The recommended method for distributing the administrative version of the Outlook 2002 security patch is to apply it directly to client computers. ...
Customer Support - Real Security Updates RealNetworks, Inc. Releases Update to Address Security Vulnerabilities ... patch per the instructions below to address this security vulnerability that aims ...
SunOS : 9 Recommended Patch Cluster Feb 23, 2007 ... In most cases a Solaris security patch will be included in the .... on which method you wish to install the cluster: Recommended Method ...
SUMMARY: kernel patch question (long): msg#00004 I wanted to try and clarify, when installing recommended and security patches, ... I'm speaking of the patch listed as SunOS 5.x: Kernel update patch. ...
Excel 2002 Security Patch: KB830350 - Office XP Resource Kit ... The recommended method for distributing the Excel 2002 security patch is first to update your administrative installation point, and then recache and ...
Adobe - Security Advisories : APSB08-15: Security Update available ... Security Update available for Adobe Reader and Acrobat 8.1.2 ... This update resolves an input validation issue in a JavaScript method that could ...
Security | Critical Patch Update - July 2006 A Critical Patch Update is a collection of patches for multiple security vulnerabilities. ..... There are no recommended workarounds for the Oracle Database ...
P-100: Oracle Critical Patch Update Jan 18, 2005 ... The Critical Patch Update introduces the Risk Matrix as a method to .... and Applications This Critical Patch Update contains security fixes ...
Software Update Service to Ease Patch Distribution - Directions on ... 2002, Microsoft issued 15 security bulletins, most of which involved some ..... Ideally, organizations need an update method that allows server farms to ...
AhnLab - Antivirus Software and Security Solutions Provider Aug 14, 2008 ... The method of updating a security patch program is simple. In fact, Microsoft supports an auto-update function that automatically checks if ...

Videos:

http://video.google.com/googleplayer.swf?videoUrl=http://vp.video.google.com/videodownload%3Fversion%3D0%26secureurl%3DXwAAAAFOvQQ4wPHneTgFJecg17lAsGZ8qvtXibMyjhJ9eLBfbIJOmXSq1rojAutqr81Zj3ctdLegrkY_fTH94q4Nmni2EZB6L5nDhYrbpZ1QwKjRTdT6yAiJRr4Q6-Ng1asMLw%26sigh%3Dyksp0QO9mXE1L8KzhPDzkWCWAmI%26begin%3D0%26len%3D36900832%26docid%3D-8998613917213332529&thumbnailUrl=http://2.gvt0.com/ThumbnailServer2%3Fapp%3Dvss%26contentid%3D4622c0fd8798093e%26offsetms%3D5000%26itag%3Dw160%26hl%3Den%26sigh%3D8Osag3zKQJuKHf4s7k0O4triuhs&docid=-8998613917213332529&hl=en&q=What+security+patch+update+method+is+recommended++(site:video.google.com+OR+site:youtube.com)&source=uds&playerMode=simple&autoPlay=true

Long Beach City Council Meeting Long Beach City Council Meeting

http://video.google.com/googleplayer.swf?videoUrl=http://vp.video.google.com/videodownload%3Fversion%3D0%26secureurl%3DXgAAANudJwykm2qHHXbtZCKtiFfc6DiCfPAUBKHcxeFE1Ar-twfHSRDTMMGurWBRUvLHHTU2RMFJz3YP0rM2psBc7EFrjAUxtkLr5rpjUT4f1eXVhi_6HNxSFjChltGQW6-2FQ%26sigh%3Dtcev8YiqZS3gyrsWgwnYCy23gUU%26begin%3D0%26len%3D22555233%26docid%3D4138981197840846947&thumbnailUrl=http://2.gvt0.com/ThumbnailServer2%3Fapp%3Dvss%26contentid%3Ddf44c7fae0a7b926%26offsetms%3D5000%26itag%3Dw160%26hl%3Den%26sigh%3D0HYVEhaSjLCBrQD-7r4Y3nYMfPY&docid=4138981197840846947&hl=en&q=What+security+patch+update+method+is+recommended++(site:video.google.com+OR+site:youtube.com)&source=uds&playerMode=simple&autoPlay=true

Santa Monica Council Meeting Santa Monica Council Meeting

Search This Site:

Invite

History

Resources

Members

SiteMap

create usercontrol at runtime, save it as file and load it. works??

composite control htmltablecell problem

looking for a good tutorial

setting an imagebutton to use an embedded resource image

where is my description text for my property?

custom control vs. user control

parsing render blocks in a control

strangely bandwidth usage problem help?!??

spell checker -- should i build or buy? -- anyone suggest a 3rd party that you like?

get embedded image from dll and display it in the html form

dropdownlist that doesn't load until it is clicked

variables not retaining value

how to access eventhandlerlist for the event declared as "public event..." in vb.net

dynamically created controls and viewstate in a composite control

tagprefix and mulitple namespaces problem

multi-assembly dll guru required

custom server control - moving within the vs.net designer - help needed

how do i send an instance of a control to a class?

plz tell me to which host to choosei

looking for a hosting solution for asp.net 2.0

user control from code behind page failure

javascript onclick event

mass asp.net hosting

build my own control entirely in it's own dll

<partialcaching(120)> _ does not

titlebar control

problem with button_click in webpart

css builder control?

solution : webcontrol & collections & imageurleditor & design time

custom control loaded in pre_render

Privacy | Contact Us
All Times Are GMT