Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Patch Management on Critical Servers (Healthcare)

from [jconrad] Network Security [Permanent Link]
Subject: Re: Patch Management on Critical Servers (Healthcare)
Date: 11 May 2006 00:36:37 -0000 
Matthew,

We have a mixed environment, but mostly Windows. Each month we apply the 
patches based on criticality, vendor input on their testing and supportability, 
and minimizing down-time.  We use St. Bernard's Update Expert.  IS reps 
coordinate reboot time with users after testing is complete and the patch is 
applied.  Any app that we can do outside of our monthly down-time (mostly 
non-security related), we do.  This varies by system, but the fewer systems we 
have to patch/reboot at the planned down-time keeps the variables to a minimum 
(i.e. why is this not working anymore, what was changed last?).  The down-time 
per system is short and has come to be expected as a cost of doing business.  
We also have a change control process to discuss potential impacts and 
work-arounds.  In general, most vendors are coming around on patching FDA 
systems, but some big ones like Seimens are still a pain.  Those systems remain 
unpatched but have other controls or mitigating circumstances that reduce 
 the risk.  Worst case is they will be taken offline if infected.

---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: USB device installation problem, wwd
Next by Date:  How to securely leverage Microsoft AD for Outsourcing and third party systems authentication., Serge Vondandamo
Previous by Thread:  Re: RE: Patch Management on Critical Servers (Healthcare), RLINKE
Next by Thread:  Re: Patch Management on Critical Servers (Healthcare), Bryan S. Sampsel
Indexes:  [Date] [Thread] [Top] [All Lists]