RE: Microsoft's Early Xmas Present.

From: H C (keydet89at_private)
Date: Thu Jan 03 2002 - 08:59:03 PST

Next message: John Sage: "Re: Microsoft's Early Xmas Present."

Previous message: Cloppert, Michael: "RE: Microsoft's Early Xmas Present."
In reply to: Cloppert, Michael: "RE: Microsoft's Early Xmas Present."
Next in thread: Valdis.Kletnieksat_private: "Re: Microsoft's Early Xmas Present."
Reply: Valdis.Kletnieksat_private: "Re: Microsoft's Early Xmas Present."
Reply: Eric Jon Rostetter: "RE: Microsoft's Early Xmas Present."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> One thing that irritates me is the notion that "the
> patch has been out for x
> months and companies should be patched."  

I would have to agree.  I have conducted assessments
at enough locations to know that simply arbitrary
installing a patch can do more harm than good.  And
not all organizations have the staff, technical
know-how, or hardware to test out patches.

However, I do think that more should be done by
individual organizations to come up with *some* means
of dealing with these issues.  Yes, Microsoft has done
quite a bit with their products to make them a
management and administrative nightmare, but I am also
quite sick of hearing the excuse that organizations
aren't subscribing to the Security Bulletins b/c there
are just too many to deal with.  It doesn't take much
more than a few seconds to see if the issue affects
you at all...if you use Eudora, then an OutLook
vulnerability won't be an issue, will it?

Arbitrarily installing every patch that comes out
isn't the answer.  But neither is doing nothing.  Do
router/firewall ACLs need to be updated?  What about
IDS signatures?  
 
> Should admin's be dilligent in patching? 
> Absolutely.  Laziness is really
> the only reason for not working on patches. 
> However, keep in mind that
> while a shop with 20 servers can be patched
> carefully in a week or less, a
> shop with 300 can take significantly more time.

I agree.  However, look at Code Red...had admins
followed the simple tenet of not allowing unnecessary
services or functionality, the ida/idq script mappings
would have been disabled during or following
installation, and the systems would not have been
vulnerable.  Many of the affected systems didn't even
require the functionality.  Same is true for the older
.htr issue.  

Being diligent w/ patches is certainly something
important, but it's far more important to be diligent
w/ issues.  Default installations of products...any
products...are going to come back and bite you in the
butt.  


__________________________________________________
Do You Yahoo!?
Send your FREE holiday greetings online!
http://greetings.yahoo.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: John Sage: "Re: Microsoft's Early Xmas Present."
Previous message: Cloppert, Michael: "RE: Microsoft's Early Xmas Present."
In reply to: Cloppert, Michael: "RE: Microsoft's Early Xmas Present."
Next in thread: Valdis.Kletnieksat_private: "Re: Microsoft's Early Xmas Present."
Reply: Valdis.Kletnieksat_private: "Re: Microsoft's Early Xmas Present."
Reply: Eric Jon Rostetter: "RE: Microsoft's Early Xmas Present."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jan 03 2002 - 10:08:44 PST