Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] DOD to automate deployment of security patches

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] DOD to automate deployment of security patches
Date: Fri, 18 Nov 2005 01:16:28 -0600 (CST) 
http://www.gcn.com/vol1_no1/daily-updates/37584-1.html

By Dawn S. Onley 
GCN Staff
11/17/05 

The Defense Department recently made it mandatory for computer users 
to deploy automated security tools across the department to better 
protect networks from viruses. 

The Communication Tasking Order, a policy directive released Nov. 3 by 
the commander of the Strategic Command, orders Defense agencies to 
"immediately initiate" the machine-to-machine patches to automatically 
repair vulnerabilities as soon as software patches become available. 

The order sets a phased timeline for compliance and allows for 
operational necessities, according to Timothy Madden, spokesman for 
the Joint Task Force for Global Network Operations. JTF-GNO is charged 
with operating and defending the Global Information Grid - the Defense 
Department's classified and unclassified network. 

The new directive requires that all patches be installed immediately 
using commercial and government tools currently available, with an eye 
toward standardization in the future. 

"There are various tools available now, both in the commercial sector 
and in the government, that are capable of providing such 
remediation," Madden said. "The JTF-GNO is directing the use of such 
tools across the GIG, and that such tools must be standardized by a 
certain time." 

Air Force Lt. Gen. Charles Croom, director of the Defense Information 
Systems Agency, said automated patch rollout would boost the network 
security posture across DOD. Croom called the current process 
manual-intensive. 

"When there's a vulnerability identified in a particular piece of 
software, they [software companies] push those patches to us and we 
push those patches to the services and require implementation," Croom 
said. "Obviously, the trick is how fast can you get them and how fast 
can you implement them? And so, I think you see us focusing on the 
techniques, tactics and procedures to do that better."

Croom, who also serves as commander of JTF-GNO, said the new policy 
would make the implementation of patches an instant process. 

"We don't do the patches instantly. But we get viruses instantly, so 
even days are too long to implement patches, and for us it takes days 
and weeks," Croom said. "The vision for the future is you get the 
person out of the loop and you get machine-to-machine ability so you 
have the patches automatically distributed and loaded on whatever 
piece of equipment needs to be patched." 



_________________________________________
Earn your Master's degree in Information Security ONLINE
www.msia.norwich.edu/csi
Study IA management practices and the latest infosec issues.
Norwich University is an NSA Center of Excellence.
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] DOD to automate deployment of security patches, InfoSec News <=
Previous by Date:  [ISN] Real Story of the Rogue Rootkit, InfoSec News
Next by Date:  [ISN] Prosecutors' office approves arrest of computer hacker, InfoSec News
Previous by Thread:  [ISN] Real Story of the Rogue Rootkit, InfoSec News
Next by Thread:  [ISN] Prosecutors' office approves arrest of computer hacker, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]