Re: [foxboro] Win Server Updates
- From: "Boulay, Russ" <Russ.Boulay@xxxxxxxxxxxx>
- To: "foxboro@xxxxxxxxxxxxx" <foxboro@xxxxxxxxxxxxx>
- Date: Tue, 18 Feb 2014 18:42:18 -0500
Remember...if your stations are Win XP......Microsoft patch management ends
April 2014...Server 2003 a year later.
_____________________________________________________________________________________
Russ Boulay | Schneider Electric | Invensys | United States | Support
Engineering Manager
Phone: +1 508 446 1769 | Mobile: +1 508 446 1769
Email: russ.boulay@xxxxxxxxxxxx | Site: www.invensys.com | Address: 2000 Crow
Canyon Place Suite 170, 94583 San Ramon, California, United States
*** Please consider the environment before printing this e-mail
-----Original Message-----
From: foxboro-bounce@xxxxxxxxxxxxx [mailto:foxboro-bounce@xxxxxxxxxxxxx] On
Behalf Of Brian Long
Sent: Tuesday, February 18, 2014 3:38 PM
To: foxboro@xxxxxxxxxxxxx
Subject: Re: [foxboro] Win Server Updates
How long might each server or op station take?
Sent from my iPhone
On Feb 18, 2014, at 4:33 PM, "Solis, Roy" <roy.solis@xxxxxxxxxxxx> wrote:
> Do you have to meet any kind of compliance at this time? If you do, then
> adhere to the timeline in the compliance. However if you are not "regulated"
> by a compliance then once a month should be a good general practice.
> Microsoft Patch Tuesday is the second Tuesday of every month in the US. This
> is when MS releases the majority of their patches. If you can plan to
> evaluate and test within 3 weeks after patch Tuesday you should be good by
> the end of each month.
>
> Although MS will occasionally release emergency patches off cycle (not on
> patch Tuesday), but if you stick to some kind of monthly cycle you should be
> good. Just keep in mind that not every patch is approved on IA so whichever
> system is choosen you will need to be able to create custom profiles to push
> only the patches you need.
>
> Roy Solis
> Sr. Security Consultant
> IOM Consulting
> M:(972) 832-5742
>
>
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx
> [mailto:foxboro-bounce@xxxxxxxxxxxxx] On Behalf Of Brian Long
> Sent: Tuesday, February 18, 2014 4:26 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Win Server Updates
>
> Great point. How often should boxes be patched?
>
> Thanks,
> Brian
>
> -----Original Message-----
> From: foxboro-bounce@xxxxxxxxxxxxx
> [mailto:foxboro-bounce@xxxxxxxxxxxxx]
> On Behalf Of Michael Toecker
> Sent: Tuesday, February 18, 2014 4:00 PM
> To: foxboro@xxxxxxxxxxxxx
> Subject: Re: [foxboro] Win Server Updates
>
> If restarting a server/workstation isn't an option, then you have a larger
> problem than not being able to patch. If a single system is so critical to
> your operation that you can't handle any downtime from it, I list that in
> security assessment reports as a finding that needs fixing. What happens when
> it's power supply dies, or hard drive falls apart, or the caked dust inside
> finally causes it to overheat and melt? Considering all the varying ways a
> computer can die that are not cyber security related, having good redundancy
> is extremely important.
> Patching systems is fixing them so that a vulnerability can no longer be
> exploited. Anti-Virus is great, but it doesn't fix a vulnerability. AV puts
> in place some measures to try to limit your exposure to a vulnerability, and
> keep malicious software delivered through that vuln from becoming resident on
> the system.
>
> For instance, the Conficker virus used vulnerability MS08-067 to spread from
> system to system, by exploiting a specific service. Conficker would then be
> loaded on the victim, which would then seek to exploit more systems and
> spread. If you had anti-virus, it might stop Conficker from spreading, but
> you were still vulnerable to the MS08-67 exploit if another virus were to
> come along. This is important for control systems, as Conficker was extremely
> aggressive when scanning, to the point that it could overwhelm a network,
> especially something like a certain /16 network.
>
> Mike
>
>
> On Tue, Feb 18, 2014 at 2:49 PM, Solis, Roy <roy.solis@xxxxxxxxxxxx>
> wrote:
>
>> Also, patching is necessary for all windows systems. Especially for
>> critical or high priority patches. These are usually a result of a
>> flaw in the application or service that can result in data exposure
>> or remote code execution. These kinds of patches need to be
>> addressed immediately or you risk a compromise.
>>
>> A lot of people don't patch systems because it's too much trouble or
>> because they think they are "air-gapped" only to find out they have
>> been compromised for months or even years because they had that 1
>> historian connection to their DCS and patching was too much trouble.
>>
>> Just my past experience :)
>>
>> Roy Solis
>> Sr. Security Consultant
>> IOM Consulting
>> M:(972) 832-5742
>>
>>
>> -----Original Message-----
>> From: foxboro-bounce@xxxxxxxxxxxxx
>> [mailto:foxboro-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Solis, Roy
>> Sent: Tuesday, February 18, 2014 2:41 PM
>> To: foxboro@xxxxxxxxxxxxx
>> Subject: Re: [foxboro] Win Server Updates
>>
>> With GFI you can deploy the patches and set it to reboot at a later
> time.
>> For compliance, usually patches have to be "evaluated" every 30 days.
>> Most customers will patch their systems and delay the reboot until
>> either the system can come down for maintenance or there is an outage.
>>
>> Roy Solis
>> Sr. Security Consultant
>> IOM Consulting
>> M:(972) 832-5742
>>
>>
>> -----Original Message-----
>> From: foxboro-bounce@xxxxxxxxxxxxx
>> [mailto:foxboro-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Brian Long
>> Sent: Tuesday, February 18, 2014 2:25 PM
>> To: foxboro@xxxxxxxxxxxxx
>> Subject: Re: [foxboro] Win Server Updates
>>
>> How often are servers being "patched"? How can patching be done if
>> re-start is not an option? Is "patching" really necessary if servers
>> are running with no issues?
>>
>> Thanks,
>> Brian
>>
>> -----Original Message-----
>> From: foxboro-bounce@xxxxxxxxxxxxx
>> [mailto:foxboro-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Coyote Technologies
>> Sent: Tuesday, February 18, 2014 2:08 PM
>> To: foxboro@xxxxxxxxxxxxx
>> Subject: Re: [foxboro] Win Server Updates
>>
>> Brian,
>>
>> For AV, I've setup McAfee ePO server for a few sites. Depending on
>> where the ePO server is, it needs either access to the internet or
>> access to a repository machine on the corporate network that in turn
>> has access to the source sites (preferred solution).
>>
>> The patch solution I've used is GFI Languard (recommended by Invensys).
>> That will pick up patches for Windows and most 3rd party applications
> e.g.
>> Adobe. Same architecture as the AV solution. The patches can be
>> approved
>> before installation.
>>
>>
>> Rick Mol
>> Coyote Technologies LLC
>> 231.750.6348
>>
>>
>>
>> -----Original Message-----
>> From: foxboro-bounce@xxxxxxxxxxxxx
>> [mailto:foxboro-bounce@xxxxxxxxxxxxx]
>> On Behalf Of Brian Long
>> Sent: Monday, February 17, 2014 4:37 PM
>> To: foxboro@xxxxxxxxxxxxx
>> Subject: [foxboro] Win Server Updates
>>
>> We are really struggling with how to properly administer Win security
>> and virus protection updates. Anyone care to share how to manage this?
>>
>>
>> Thanks,
>>
>> Brian Long
>>
>>
>>
>>
>> _____________________________________________________________________
>> _ _ This mailing list is neither sponsored nor endorsed by Invensys
>> Process Systems (formerly The Foxboro Company). Use the info you
>> obtain here at your own risks. Read
>> http://www.thecassandraproject.org/disclaimer.html
>>
>> foxboro mailing list: //www.freelists.org/list/foxboro
>> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
>> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>>
>>
>>
>>
>>
>> _____________________________________________________________________
>> _ _ This mailing list is neither sponsored nor endorsed by Invensys
>> Process Systems (formerly The Foxboro Company). Use the info you
>> obtain here at your own risks. Read
>> http://www.thecassandraproject.org/disclaimer.html
>>
>> foxboro mailing list: //www.freelists.org/list/foxboro
>> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
>> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>>
>>
>> _____________________________________________________________________
>> _ _ This mailing list is neither sponsored nor endorsed by Invensys
>> Process Systems (formerly The Foxboro Company). Use the info you
>> obtain here at your own risks. Read
>> http://www.thecassandraproject.org/disclaimer.html
>>
>> foxboro mailing list: //www.freelists.org/list/foxboro
>> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
>> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>>
>>
>>
>> *** Confidentiality Notice: This e-mail, including any associated or
>> attached files, is intended solely for the individual or entity to
>> which it is addressed. This e-mail is confidential and may well also
>> be legally privileged. If you have received it in error, you are on
>> notice of its status. Please notify the sender immediately by reply
>> e-mail and then delete this message from your system. Please do not
>> copy it or use it for any purposes, or disclose its contents to any
>> other person. This email comes from a division of the Invensys Group,
>> owned by Invensys plc, which is a company registered in England and
>> Wales with its registered office at 3rd Floor, 40 Grosvenor Place,
> London, SW1X 7AW (Registered number 166023).
>> For a list of European legal entities within the Invensys Group,
>> please select the Legal Entities link at invensys.com. Invensys PLC
>> is owned by the Schneider-Electric Group.
>> You may contact Invensys plc on +44 (0)20 3155 1200 or e-mail
>> reception@xxxxxxxxxxxx. This e-mail and any attachments thereto may
>> be subject to the terms of any agreements between Invensys (and/or
>> its subsidiaries and affiliates) and the recipient (and/or its
>> subsidiaries and affiliates).
>>
>>
>>
>>
>> _____________________________________________________________________
>> _ _ This mailing list is neither sponsored nor endorsed by Invensys
>> Process Systems (formerly The Foxboro Company). Use the info you
>> obtain here at your own risks. Read
>> http://www.thecassandraproject.org/disclaimer.html
>>
>> foxboro mailing list: //www.freelists.org/list/foxboro
>> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
>> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>>
>>
>>
>> *** Confidentiality Notice: This e-mail, including any associated or
>> attached files, is intended solely for the individual or entity to
>> which it is addressed. This e-mail is confidential and may well also
>> be legally privileged. If you have received it in error, you are on
>> notice of its status. Please notify the sender immediately by reply
>> e-mail and then delete this message from your system. Please do not
>> copy it or use it for any purposes, or disclose its contents to any
>> other person. This email comes from a division of the Invensys Group,
>> owned by Invensys plc, which is a company registered in England and
>> Wales with its registered office at 3rd Floor, 40 Grosvenor Place,
> London, SW1X 7AW (Registered number 166023).
>> For a list of European legal entities within the Invensys Group,
>> please select the Legal Entities link at invensys.com. Invensys PLC
>> is owned by the Schneider-Electric Group.
>> You may contact Invensys plc on +44 (0)20 3155 1200 or e-mail
>> reception@xxxxxxxxxxxx. This e-mail and any attachments thereto may
>> be subject to the terms of any agreements between Invensys (and/or
>> its subsidiaries and affiliates) and the recipient (and/or its
>> subsidiaries and affiliates).
>>
>>
>>
>>
>> _____________________________________________________________________
>> _ _ This mailing list is neither sponsored nor endorsed by Invensys
>> Process Systems (formerly The Foxboro Company). Use the info you
>> obtain here at your own risks. Read
>> http://www.thecassandraproject.org/disclaimer.html
>>
>> foxboro mailing list: //www.freelists.org/list/foxboro
>> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
>> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>>
>>
>
>
> --
>
> Michael Toecker
> Head Dragon Slayer
>
>
>
>
> ______________________________________________________________________
> _ This mailing list is neither sponsored nor endorsed by Invensys
> Process Systems (formerly The Foxboro Company). Use the info you
> obtain here at your own risks. Read
> http://www.thecassandraproject.org/disclaimer.html
>
> foxboro mailing list: //www.freelists.org/list/foxboro
> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>
>
> ______________________________________________________________________
> _ This mailing list is neither sponsored nor endorsed by Invensys
> Process Systems (formerly The Foxboro Company). Use the info you
> obtain here at your own risks. Read
> http://www.thecassandraproject.org/disclaimer.html
>
> foxboro mailing list: //www.freelists.org/list/foxboro
> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>
>
>
> *** Confidentiality Notice: This e-mail, including any associated or attached
> files, is intended solely for the individual or entity to which it is
> addressed. This e-mail is confidential and may well also be legally
> privileged. If you have received it in error, you are on notice of its
> status. Please notify the sender immediately by reply e-mail and then delete
> this message from your system. Please do not copy it or use it for any
> purposes, or disclose its contents to any other person. This email comes from
> a division of the Invensys Group, owned by Invensys plc, which is a company
> registered in England and Wales with its registered office at 3rd Floor, 40
> Grosvenor Place, London, SW1X 7AW (Registered number 166023). For a list of
> European legal entities within the Invensys Group, please select the Legal
> Entities link at invensys.com. Invensys PLC is owned by the
> Schneider-Electric Group.
> You may contact Invensys plc on +44 (0)20 3155 1200 or e-mail
> reception@xxxxxxxxxxxx. This e-mail and any attachments thereto may be
> subject to the terms of any agreements between Invensys (and/or its
> subsidiaries and affiliates) and the recipient (and/or its subsidiaries and
> affiliates).
>
>
>
>
> ______________________________________________________________________
> _ This mailing list is neither sponsored nor endorsed by Invensys
> Process Systems (formerly The Foxboro Company). Use the info you
> obtain here at your own risks. Read
> http://www.thecassandraproject.org/disclaimer.html
>
> foxboro mailing list: //www.freelists.org/list/foxboro
> to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
> to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
>
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process Systems
(formerly The Foxboro Company). Use the info you obtain here at your own risks.
Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
*** Confidentiality Notice: This e-mail, including any associated or attached
files, is intended solely for the individual or entity to which it is
addressed. This e-mail is confidential and may well also be legally privileged.
If you have received it in error, you are on notice of its status. Please
notify the sender immediately by reply e-mail and then delete this message from
your system. Please do not copy it or use it for any purposes, or disclose its
contents to any other person. This email comes from a division of the Invensys
Group, owned by Invensys plc, which is a company registered in England and
Wales with its registered office at 3rd Floor, 40 Grosvenor Place, London, SW1X
7AW (Registered number 166023). For a list of European legal entities within
the Invensys Group, please select the Legal Entities link at invensys.com.
Invensys PLC is owned by the Schneider-Electric Group.
You may contact Invensys plc on +44 (0)20 3155 1200 or e-mail
reception@xxxxxxxxxxxx. This e-mail and any attachments thereto may be subject
to the terms of any agreements between Invensys (and/or its subsidiaries and
affiliates) and the recipient (and/or its subsidiaries and affiliates).
_______________________________________________________________________
This mailing list is neither sponsored nor endorsed by Invensys Process
Systems (formerly The Foxboro Company). Use the info you obtain here at
your own risks. Read http://www.thecassandraproject.org/disclaimer.html
foxboro mailing list: //www.freelists.org/list/foxboro
to subscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=join
to unsubscribe: mailto:foxboro-request@xxxxxxxxxxxxx?subject=leave
Other related posts:
