General discussion

Locked

Microsoft Updates and Patches

By deerek11 ·
Hello All, I just started with a new company as a administrator the netowrk here is alot smaller then any network I have worked on in the past but what bothers me is that IT Dept here does not take any of the Microsoft Updates serious or patches. The network has about 80 nodes with systems from win 98 to win xp and 10 Severs running Win 2003 also eash system is running anti virus independenley after evalurating the network my first day I bought this to my IT manager attention he said it was no big deal we are behind a cisco firewall pix I understand that but without the proper patches and updates and some way to monitor anti-virus you still leave your self open he reply never had a problem in the past. Should I push this issue or should I just do what is asign to me and not rock the boat. If any one has any information on this I would gladly appeacite it or comments

This conversation is currently closed to new comments.

12 total posts (Page 2 of 2)   Prev   01 | 02
Thread display: Collapse - | Expand +

All Comments

Collapse -

Prove to your manager of the threats out there!

by NI70 In reply to Microsoft Updates and Pat ...

I'm not quite sure if I understand "...each system is running anti virus independenly..." But if I read that correctly, each system has a client-side antivirus installed on it? If so, that sounds about what I'd do, have each system have their own antivirus software installed. But you need to ensure that definition (signature) files are constantly updated. Virii (viruses) have ways getting into a network, be it from an email attachment or a laptop computer that was compromised at home or on the road.

You may also want to run Spybot Search & Destroy, AdAware, and a few other anti-spyware tools available. I'm currently testing Trend Micro's Anti-Spyware and so far have been pretty impressed.

Here's a few links that would prove useful in your attempts to convince your manager.

http://www.us-cert.gov/cas/bulletins/SB05-188.html
http://www.cert.org/advisories/

Also many countries have their own CERT - Computer Emergency Response Team website. Here's Google's results on CERT
http://www.google.com/search?q=CERT&sourceid=mozilla-search&start=0&start=0&ie=utf-8&oe=utf-8&client=firefox-a&rls=org.mozilla:en-US:official

Further there are tools available to scan your network for vulnerabilities such as GFI LANGuard (no affiliation to GFI, I've tested their product).
http://www.gfi.com/lannetscan/

Google result for Network Security Scanner freeware http://www.google.com/search?hl=en&lr=&q=Network+Security+Scanner&as_q=freeware&btnG=Search%C2%A0within%C2%A0results

Google result Patch Management freeware
http://www.google.com/search?hl=en&lr=&q=Patch+management&as_q=freeware&btnG=Search%C2%A0within%C2%A0results

Google, IMHO, is the best friend a NetAdmin has:)

Collapse -

Force him to say No

by timbstoke In reply to Microsoft Updates and Pat ...

Since you're new, you don't want to rock the boat too much. However, this is part of your job, so obviously you're concerned. My approach would be to email him, explaining the problem and what you plan to do about it. That way, he has to come back with an explicit "No" to stop the problem being fixed.

You say the servers have AV, but it's all independent. At the moment, that's fine. They have it at least, it's just an admin headache. It will also cost money to fix, so it's not the best opening gambit.

Concentrate on the patches - free to fix and more essential. Document a proposal for you to set aside some time for patching/AV updates (a day a month 'routine' patching, plus time for critical patches as they are released). Follow up a few days before each routine patch session, listing the patches to be applied, the issue it addresses, and a rollback plan in case the patch breaks anything.

Once this has become accepted practice, then you can start along the lines of "It takes me x hours to patch all the servers, and x hours to manually update the AV - if we upgraded to product X it would free a lot of that AV time up for other tasks"

A caveat: Understand what each server does - there may be a reason some are not updated. At my last place, we had an ancient NT server running a bespoke app. For some reason, it wouldn't work properly under anything higher than NT SP3. Since the box was behind a firewall, on a totally isolated system, accessible only via dial-up with ring-back, and allowed numbers filtered by both the router and the telecoms provider, we took the approach with this one box of "It ain't broke yet, so I ain't fixin nuthin'"

Back to IT Employment Forum
12 total posts (Page 2 of 2)   Prev   01 | 02

Related Discussions

Related Forums