On Thu, 2003-11-13 at 13:19, [EMAIL PROTECTED] wrote:
> On Thu, 13 Nov 2003 12:08:41 EST, Robert Davies <[EMAIL PROTECTED]> said:
>
> > I am quite bothered out the ass by well paid admins that are too damn lazy
> > to spend the few minutes it takes to repair a flawed service. Either start
> > doing your job, or get the hell out of the way for those of us that want to
> > do the job required properly!
>
> Actually, the *original* problem was that the OP *wanted* to apply the patch
> to fix a flawed service, but was prevented from doing so by a flawed policy.
>
> Now tell me - would *you* install the patch anyhow, knowing that (possibly)
> doing so without all the change-control paperwork being done correctly
> would mean your ass would be canned and you'd be looking for another job?

"Change Control" paperwork is the bane of security folks. I have most often been on the network/firewall side of things and had been expected to block access at the network level to make up for slow patching from the sysadmin side. I was at least lucky enough to have a management chain that understood the importance of security enough to verbally approve any reasonable requests from our team on short notice.

There is definitely a need for change control and regression testing. Especially when Microsoft servers are concerned. Who hasn't seen a site go down or a computer bluescreen or something equally fatal to the system after a Microsoft patch was applied? They obviously can't be bothered to test their software, so it's up to users concerned with uptime to test it themselves before applying patches to production servers.

But it really does take both sides to keep systems safe. Not everything can be filtered at the network level, and threats are not exclusively from "the internet". Unhappy employees or otherwise compromised machines can further exploit the internal network.

--
Scott Taylor - <[EMAIL PROTECTED]>

BOFH Excuse #209:
Only people with names beginning with 'A' are getting mail this week (a la Microsoft)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html