Snort- Depends upon what the *nix servers are doing now doesn't it? We have a few instances that have not been patched in a couple years, but they are running an internal application, have strict change control applied, and have not access to the outside world. Indeed, the *inside* world has only very limited (and well logged) access to them.
I should explain here that we have only 10 "standalone" Windows workstations in the entire organization; everyone else is running Citrix, which is centrally managed and running on IBM blades behind locked doors. Instances running web servers however, and very much patched with just about every patch that applies to them, even though they are also subject to very tight change control. Something the 'PC' crowd just doesn't understand. Now, if by midrange you mean the iSeries machines; and they are telling you that the *nix instances on the machine are only patched twice a year, they are blowing smoke. First, the iSeries will only run either AIX or Linux, both of which have more than twice a year patch cycles, and second, the mainframe hardware platform is more, not less - secure than the iSeries. -Paul -----Original Message----- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Alan Ackerman Sent: Thursday, March 22, 2007 11:54 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: How are you handling z/Linux On Thu, 22 Mar 2007 13:43:39 -0400, Sikich, Frank J. <[EMAIL PROTECTED]> wrote: >The struggle is that our midrange >world claims to apply patches to the UNIX servers only once or twice a >year and they are concern that they will have more interruption on >zLinux. They never apply security patches? I'm on a list for these, and I get MANY alerts for Linux/Unix patches. (Not to mention the last-minute Solaris DST fiasco...) Or perhaps they merely want total control over the outage schedule? That could be political reality in your shop, or it could be just another excuse to fight change.