Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: WSUS/Reboot

from [Mike.Carney] Network Security [Permanent Link]
Subject: RE: WSUS/Reboot
Date: Fri, 17 Jun 2005 10:35:11 -0400 
Hi Ronald,

Your probably going to hate this answer but I'm going through the same
process here myself.

The best way to keep yourself and the company as a whole covered as far
as down time is sit down with the business side of the company and
determine what your maintenance windows are.  From there you can develop
a list of servers and there availability to be patched and rebooted.

It really needs to become a policy rather than a technical question.
For example,

You will go to management and say when can this set of servers be
rebooted(make sure they know this means downtime), you list the server
names and in there they will see your e-mail and database servers.  To
which they will respond "these can't be down" and you will have to
explain that this is possible but it will cost a ton of money to cluster
the servers they have said "can't be down" and if they don't patch the
servers they can become infected or hacked and the company will have an
extended period of down time due to a virus taking out the server or the
other(perhaps scarier scenario) is that the company would have to go to
their customers and explain why there data was stolen.

At this point the business side will either pony up the money to cluster
the systems or they will work with you to find the different windows
during the month/week that you are able to patch the servers and reboot
them.  

You should also work in here the emergency patching that may need to
occur if a large virus outbreak occurs.

Anyway, good luck on this, it is a lengthy process that you have to go
through, but in the end you will be able to have a good idea when things
can be patched and rebooted and have ammo if anything bad were to
happen.

Thanks,

Mike

Msoft Doc:
http://www.microsoft.com/downloads/details.aspx?FamilyID=227ad5a5-676f-4
f00-bc7a-3c7058f1f327&DisplayLang=en

-----Original Message-----
From: Ronald Balk [mailto:r.balk@nl.intrum.com] 
Sent: Friday, June 17, 2005 5:31 AM
To: focus-ms@securityfocus.com
Subject: WSUS/Reboot


Hiya all,

We have been testing with this new WSUS from MS.
All seems fine -;)
My question is how to handle the server reboots after a installed
security patch which requires a reboot.
We hold about 150 servers, mixed Exchange, reverse proxy, Sql etc.etc.
Whats the best way to manage this ?

Thanks
Ronald Balk

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: IE in Kiosk mode, Paul
Next by Date:  RE: IE in Kiosk mode, Schrum, Allan (Allan)
Previous by Thread:  Re: WSUS/Reboot, Susan Bradley
Next by Thread:  RE: WSUS/Reboot, David LeBlanc
Indexes:  [Date] [Thread] [Top] [All Lists]