Security Management Strategies for the CIOAccess "Viewpoint: Creative patch management workarounds"
This article is part of the March 2007 issue of Compliance vs. security: Prevent an either-or mentality
Creative Patch Testing Workarounds Regarding "Patch Testing Past Its Time?" (January 2007), I am a systems analyst and the network administrator for a small company (about 100 users). I don't have a separate test environment for thorough testing of patches released by Microsoft. What I do have is a patch manager application by Numara Software, which has an agreement with Shavlik Technologies, so my patches actually come from the Shavlik database and Web site. My second layer of defense against problem patches is staged scheduling. I have a schedule set up where a small group of servers and XP workstations is patched and rebooted in the middle of the night starting on Patch Tuesday. Each night through the next weekend, a small group of servers is patched and rebooted. The only problems I've run into so far is the occasional "end program" error Windows displays while trying to shut down, or the occasional hanging of a server during the shutdown process. The above scenario is a pretty decent workaround for not having the same resources as larger, ... Access >>>
Access TechTarget
Premium Content for Free.
What's Inside
Features
-
-
DigitalPersona Workstation Pro and Server for Biometric Authentication
This review evaluates DigitalPersona Pro, a single sign-on (SSO) software suite that allows an enterprise to replace passwords with biometric fingerprint readers or provide dual-factor authentication.
-
Security product and tools news and releases: Trend Micro, Citrix
Get the latest news and releases on security tools and products for intrusion detection and protection, email and USB security. Get info on price, setup and installation.
-
Enterprise UTM products differ from all-in-one SMB appliances
UTM appliance struggle to find their niche in the enterprise as large companies prefer best-in-breed security products.
- Events: Information security conferences for March 2007
-
Risk Policy: Elemental Security Platform product review
In this review, get information and advice on Elemental Security Plaform (ESM) products, such as expenses and setup, configuration and compliance features.
-
Prioritizing compliance and information security
Have compliance demands refocused and weakened information security efforts?
-
DigitalPersona Workstation Pro and Server for Biometric Authentication
-
- Viewpoint: Creative patch management workarounds
-
Product review: e-DMZ Security's eGuardPost
This product review examines e-DMZ eGuardPost's capabilities that allow security managers to apply granular access controls to remote connections. The appliance also comes bundled with Security's Password Auto Repository (PAR), e-DMZ's flagship product, which securely stores and manages administrative passwords
-
Thin clients a malware-free desktop option
A Maine health care provider sheds its spyware-ridden, burdensome PCs for a safer, more manageable thin client environment.
-
Sun Microsystems' Sun Java System Identity Manager 7.0 Product Review
Product review of Sun Microsystems' Sun Java System Identity Manager 7.0 tool security features, configuration, setup and installation.
-
Product review: Six removable device control security products
Six removable device control security products that provide centrally managed granular control over ports, interfaces and storage devices are reviewed. This review evaluates: DeviceLock 6.0 from SmartLine, Sanctuary Device Con-trol 4.0 from SecureWave, Endpoint Access Manager 3.0 from ControlGuard, Device-Wall 4.5 from Centennial Software, Safend Protector 3.1 from Safend and Protect Mobile from Workshare.
-
Columns
-
Bruce Schneier and Marcus Ranum debate the necessity of penetration tests
Pen tests identify your organization's weaknesses. Bruce Schneier and Marcus Ranum debate whether organizations really want to document all the ways networks are insecure.
-
Ping: Mark Odiorne
Mark Odiorne
-
CISO priorities focused on compliance over security
Regulatory demands have forced CISOs to prioritize compliance over data and intellectual property protection.
-
Secure software development needs to be treated as other engineering disciplines
Almost no university teaches quality or security as part of their software engineering or computer science majors, a major reason for today's application security problems.
-
Bruce Schneier and Marcus Ranum debate the necessity of penetration tests
More Premium Content Accessible For Free
Unlock new pathways to network security architecture
E-Zine
Network security architecture is showing its age at many organizations. With new technology, different data types, and use of multi-generations of ...
Emerging threat detection techniques and products
E-Handbook
Advanced persistent threat (APT) has been a used and abused term in the security industry, but security experts say targeted attacks are a growing ...
The rapid evolution of MDM solutions
E-Zine
Mobile device management (MDM) continues to grow at a feverish pace, both in terms of adoption and mobile security features. BYOD policies, and the ...