Re: [foxboro] Win Server Updates

  • From: Brian Long <blong@xxxxxxx>
  • To: foxboro@xxxxxxxxxxxxx
  • Date: Tue, 18 Feb 2014 16:26:09 -0600

Great point.  How often should boxes be patched?

Thanks,
Brian

-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx]
On Behalf Of Michael Toecker
Sent: Tuesday, February 18, 2014 4:00 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Win Server Updates

If restarting a server/workstation isn't an option, then you have a larger
problem than not being able to patch. If a single system is so critical to
your operation that you can't handle any downtime from it, I list that in
security assessment reports as a finding that needs fixing. What happens
when its power supply dies, or hard drive falls apart, or the caked dust
inside finally causes it to overheat and melt? Considering all the varying
ways a computer can die that are not cyber security related, having good
redundancy is extremely important.

Patching systems is fixing them so that a vulnerability can no longer be
exploited. Anti-Virus is great, but it doesn't fix a vulnerability. AV
puts in place some measures to try to limit your exposure to a
vulnerability, and keep malicious software delivered through that vuln
from becoming resident on the system.

For instance, the Conficker virus used vulnerability MS08-067 to spread
from system to system, by exploiting a specific service. Conficker would
then be loaded on the victim, which would then seek to exploit more
systems and spread. If you had anti-virus, it might stop Conficker from
spreading, but you were still vulnerable to the MS08-067 exploit if another
virus were to come along. This is important for control systems, as
Conficker was extremely aggressive when scanning, to the point that it
could overwhelm a network, especially something like a certain /16
network.

Mike


On Tue, Feb 18, 2014 at 2:49 PM, Solis, Roy <roy.solis@xxxxxxxxxxxx>
wrote:

> Also, patching is necessary for all Windows systems.  Especially for
> critical or high priority patches.  These are usually a result of a
> flaw in the application or service that can result in data exposure or
> remote code execution.  These kinds of patches need to be addressed
> immediately or you risk a compromise.
>
> A lot of people don't patch systems because it's too much trouble or
> because they think they are "air-gapped" only to find out they have
> been compromised for months or even years because they had that 1
> historian connection to their DCS and patching was too much trouble.
>
> Just my past experience :)
>
> Roy Solis
> Sr. Security Consultant
> IOM Consulting
> M:(972) 832-5742
>
>
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx
> [mailto:foxboro-bounce@xxxxxxxxxxxxx]
> On Behalf Of Solis, Roy
> Sent: Tuesday, February 18, 2014 2:41 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Win Server Updates
>
> With GFI you can deploy the patches and set it to reboot at a later
> time.  For compliance, usually patches have to be "evaluated" every
> 30 days.  Most customers will patch their systems and delay the reboot
> until either the system can come down for maintenance or there is an
> outage.
>
> Roy Solis
> Sr. Security Consultant
> IOM Consulting
> M:(972) 832-5742
>
>
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx
> [mailto:foxboro-bounce@xxxxxxxxxxxxx]
> On Behalf Of Brian Long
> Sent: Tuesday, February 18, 2014 2:25 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Win Server Updates
>
> How often are servers being "patched"?  How can patching be done if
> re-start is not an option?  Is "patching" really necessary if servers
> are running with no issues?
>
> Thanks,
> Brian
>
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx
> [mailto:foxboro-bounce@xxxxxxxxxxxxx]
> On Behalf Of Coyote Technologies
> Sent: Tuesday, February 18, 2014 2:08 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Win Server Updates
>
> Brian,
>
> For AV, I've set up McAfee ePO server for a few sites.  Depending on
> where the ePO server is, it needs either access to the internet or
> access to a repository machine on the corporate network that in turn
> has access to the source sites (preferred solution).
>
> The patch solution I've used is GFI LanGuard (recommended by Invensys).
> That will pick up patches for Windows and most 3rd party applications,
> e.g. Adobe.  Same architecture as the AV solution.  The patches can be
> approved before installation.
>
>
> Rick Mol
> Coyote Technologies LLC
> 231.750.6348
>
>
>
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx
> [mailto:foxboro-bounce@xxxxxxxxxxxxx]
> On Behalf Of Brian Long
> Sent: Monday, February 17, 2014 4:37 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: [foxboro] Win Server Updates
>
> We are really struggling with how to properly administer Win security
> and virus protection updates.  Anyone care to share how to manage this?
>
>
> Thanks,
>
> Brian Long
>
>
>
>
> ______________________________________________________________________
> _ This mailing list is neither sponsored nor endorsed by Invensys
> Process Systems (formerly The Foxboro Company). Use the info you
> obtain here at your own risks. Read
> http://www.thecassandraproject.org/disclaimer.html
>
> foxboro mailing list:             //www.freelists.org/list/foxboro
> to subscribe:         mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
> to unsubscribe:      mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>
> *** Confidentiality Notice: This e-mail, including any associated or
> attached files, is intended solely for the individual or entity to
> which it is addressed. This e-mail is confidential and may well also
> be legally privileged. If you have received it in error, you are on
> notice of its status. Please notify the sender immediately by reply
> e-mail and then delete this message from your system. Please do not
> copy it or use it for any purposes, or disclose its contents to any
> other person. This email comes from a division of the Invensys Group,
> owned by Invensys plc, which is a company registered in England and
> Wales with its registered office at 3rd Floor, 40 Grosvenor Place,
> London, SW1X 7AW (Registered number 166023).
> For a list of European legal entities within the Invensys Group,
> please select the Legal Entities link at invensys.com. Invensys PLC is
> owned by the Schneider-Electric Group.
> You may contact Invensys plc on +44 (0)20 3155 1200 or e-mail
> reception@xxxxxxxxxxxx. This e-mail and any attachments thereto may be
> subject to the terms of any agreements between Invensys (and/or its
> subsidiaries and affiliates) and the recipient (and/or its
> subsidiaries and affiliates).


-- 

Michael Toecker
Head Dragon Slayer



