Network Security Focus-Microsoft

RE: exploit to vulnerability

Subject: RE: exploit to vulnerability
Date: Tue, 30 Aug 2005 15:37:37 -0700
-----Original Message-----
From: Murad Talukdar [mailto:talukdar_m@subway.com]
Sent: Friday, August 19, 2005 2:11 AM
To: focus-ms@securityfocus.com
Subject: exploit to vulnerability

With all the issues highlighting the speed at which exploits are now
being written (e.g. http://www.securityfocus.com/news/11285 ), the window
between exploit/vuln appears, on average, to be getting tighter.

We have an SME network and I used to have a week or so to test patches
before rolling them out. 
This all begs the question now, with limited resources, do I just patch
and not worry about testing? I definitely have fewer resources than some
of the companies that were hit (CNN et al) and less time to dedicate to
patching. 

Should I just use auto updates/GP to patch everything regardless?
What do other SME admins do?

Kind Regards
Murad Talukdar

--------------------------------------------------------------


In my opinion, testing the patches, regardless of what vendor they come
from, is a must in most environments, be it that this testing is a
group of non-essential machines that get the patches first or a real
test lab environment.  While there have not been major issues with
mainstream software and mainstream patches, organizations that have less
than mainstream apps or custom apps still have issues with various
patches.

At risk of sounding like the typical vendor, the real answer at the end,
is to mitigate the vulnerability to a point where you can properly test
the patches and roll them out when it makes sense for your
organizations.  On smaller to medium sized networks getting the patches
out there is a pain in the rear but doable.  Imagine the pain felt by
larger networks who in most cases are never completely patched.  At
least this was my experience from my pen-test days.

If you are relying on patching only for your security, you will
eventually get bit.  Look at the recent set of Microsoft patches as an
example and how quickly we saw not one, but three different exploits
released within days of the patch and worms shortly after.

Signed,
Steve Manzuik
eEye Digital Security


http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner 
http://eEye.com/Iris - Network Traffic Analyzer 
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities 


I read my email with Outlook
I read your email with Iris

