Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: exploit to vulnerability

from [Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]] Network Security [Permanent Link]
Subject: Re: exploit to vulnerability
Date: Fri, 19 Aug 2005 19:57:53 -0700
...and honestly...when's the last time you truly had an issue with a security patch on your desktops?

Keep that in mind when you deploy/test.

Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:

Myself and other person are my 'canaries' in my office. We get the first. Patches are deployed to a 'like' server at home. I then watch the traffic in my Communities...www.patchmanagement.org has a very active patch issue community and issues are reported there.

There's also a WSUS listserve as well.

If you cannot test.. you listen to those who can.

Bruce Martins wrote:

To be honest I use my own machine to test out the patches before applying them to machines, not the best way but cuts down on time I don't have to test also use of vmware sometimes
Bruce Martins
Systems Administrator
EXTEND>>MEDIA
190 Liberty Street
Toronto, Ontario
Canada
M6K 3L5
_______________________
e:bmartins@extend.com
t: (416) 535-4222 ext. 2307
f: (416) 535-1201
http://www.extend.com
--------------------------
Sent from my BlackBerry Wireless Handheld


-----Original Message-----
From: Murad Talukdar <talukdar_m@subway.com>
To: focus-ms@securityfocus.com <focus-ms@securityfocus.com>
Sent: Fri Aug 19 02:11:17 2005
Subject: exploit to vulnerability

With all the issues highlighting the speed that exploits are now being
written (eg http://www.securityfocus.com/news/11285 )
The window between exploit/vuln, appears on average, to be getting tighter.

We have an SME network and I used to have a week or so to test patches
before rolling them out. This all begs the question now, with limited resources, do I just patch and
not worry about testing? I definitely have fewer resources than some of the
companies that were hit (CNN et al) and less time to dedicate to patching.
Should I just use auto updates/GP to patch everything regardless?
What do other SME admins do?

Kind Regards
Murad Talukdar




---------------------------------------------------------------------------

---------------------------------------------------------------------------





---------------------------------------------------------------------------

---------------------------------------------------------------------------







--
Letting your vendors set your risk analysis these days? http://www.threatcode.com


---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: exploit to vulnerability, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Next by Date:  Re: exploit to vulnerability, Douglas Duckworth
Previous by Thread:  Re: exploit to vulnerability, Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
Next by Thread:  Re: exploit to vulnerability, Angel Marin
Indexes:  [Date] [Thread] [Top] [All Lists]