Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

R: Re: Patch Management on Critical Servers (Healthcare)

from [Michele.Nappa] Network Security [Permanent Link]
Subject: R: Re: Patch Management on Critical Servers (Healthcare)
Date: Thu, 11 May 2006 09:26:30 +0200 
We indeed adopted a three layer way to deploy fix. First of all, there's a 
complete virtual domain hosted on a VS 2005 R2 server with 2 DC, 2 Exchange 
server in MSTSC and other 15 virtual servers to replicate the most critical 
aspects of our network.

We deploy fix in this virtual domain. If all goes well, we deploy them on 
limited number of member servers, for example passive cluster nodes, NLB hosts 
with higher priority, ..., and on a limited number of representative 
workstations that resumes production environment.

If all goes well we approve fixes for all production environments. These fix 
will be deployed on different days for different groups to avoid the denial of 
service if a fix slip out of all these controls.

All this was accomplished using WUS.

Michele Nappa 

-----Messaggio originale-----
Da: gabe406@msn.com [mailto:gabe406@msn.com] 
Inviato: mercoledì 10 maggio 2006 15.57
A: focus-ms@securityfocus.com
Oggetto: Re: Re: Patch Management on Critical Servers (Healthcare)

Hello,

I can't comment on the FDA approved configurations, but I can give you our 
experiences with patch management in the healthcare industry. I maintain a 
network of servers for a non-profit company in the healthcare provider services 
area so budgets are examined closely as well as security of our data. After 
researching several options to secure our network with patch management we 
started using Patchlink Update (www.patchlink.com). To our surprise Patchlink 
gave us an efficient and customized process of deploying patches to our servers 
and nodes.

With Patchlink each patch released by Microsoft is tested and then released 
which makes our testing easier. So we just wait for Patchlink to test and 
release the patch then we apply the patch in our test environment and monitor 
any negative effects. We then select a few users on our network and deploy the 
patch using Patchlink. If all goes well, within a week the patch is completely 
deployed to all appropriate nodes and servers.

Downtime is easily managed by Patchlink, using the reboot scheduling options of 
each patch. For example, on our Exchange server will deploy the newest patch 
MS06-019 (after testing) on Saturday at 11:00pm and then have Patchlink reboot 
the server to complete the process so downtime is minimal.

Please feel free to contact me for any details or items I did not answer.


Gabriel Selmi

Network Administrator

---------------------------------------------------------------------------
---------------------------------------------------------------------------




---------------------------------------------------------------------------
---------------------------------------------------------------------------
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • R: Re: Patch Management on Critical Servers (Healthcare), Michele.Nappa <=
Previous by Date:  How to securely leverage Microsoft AD for Outsourcing and third party systems authentication., Serge Vondandamo
Next by Date:  Re: Patch Management on Critical Servers (Healthcare), Bryan S. Sampsel
Previous by Thread:  SecurityFocus Microsoft Newsletter #290, Marc Fossi
Next by Thread:  RDP to XP clients, Curt Shaffer
Indexes:  [Date] [Thread] [Top] [All Lists]