[cs615asa] A Question about how to update system software safely

dhupp dhupp at stevens.edu
Mon Feb 9 00:33:09 EST 2015


From my experiences at various companies for co-op, many companies have 
some sort of system in place for patch management. What would occur is 
that they would select or load the patch(es) onto this system. As the 
system is internal to the network it can connect to all the systems 
inside and distribute the patches. For example, most companies provide 
Windows machines for their employees to use. Now imagine the hundreds or 
thousands of PCs in the company needing to install Windows updates. 
Rather than take up precious space on their internet line with redundant 
connections, they will have one system make the connection to Microsoft 
for the Windows updates and then distribute it to all the Windows hosts 
inside the network, taking what would have been hundreds or thousands of 
connections and reducing it down to one. My first instinct would be to 
check if such a system was available to me inside this enterprise 
network and see if I could leverage that to accomplish my goal.

If the company did not have this system in place, one, I would recommend 
that they look into such a system, as every host on the network, at one 
time or another, will need to be updated and patched. Two, I would then 
look into seeing if the patch can be downloaded into a file I can load onto 
a CD or flash drive and then load it onto the database server. My 
absolute last alternative would be to submit a request to create a 
temporary firewall rule for this host to open the necessary ports just 
long enough to download and install the update and then remove the 
temporary rule.

-Daniel

On 02/08/2015 11:39 PM, hchen29 wrote:
> Hello everyone,
> Here I have a question from CS594 which is related to system
> administration. This question was given by Randy Park from CS594. Now I
> will report his question here:
> 
> "If we build an enterprise network with an application server and a
> database server. The database server is in a private subnet which
> doesn't allow the database server to be exposed to the public network.
> However, we need to update some software on the server. If we allow port
> 443 or 80 connections to the database, it will suffer from the breaches
> of the SSL protocol. Or do you just allow the two ports to update the
> server and then remove these rules, back and forth? What do other
> administrators do in a real enterprise network?"
> 
> I think this is a good question. Anyone can share your ideas here.
> 
> Hanxiong Chen

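The last-resort option discussed in this thread (open ports 80/443 for the database host only for the duration of the update, then remove the rule), as an added example that is not part of the original messages. It assumes a Linux gateway filtering with iptables; the address, the `FW` override and the update command are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: the gateway is a Linux host
# filtering routed traffic with iptables, and an existing rule already allows
# ESTABLISHED/RELATED return traffic. 10.0.2.15 below is a constructed address.
FW="${FW:-iptables}"   # set FW=echo to print the rule changes without applying them

# Accept exactly one dotted-quad address (digits and dots, four fields), so an
# empty value or a CIDR such as 10.0.2.0/24 cannot widen the temporary rule.
is_single_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.|*.*.*.*.*) return 1 ;;
        *.*.*.*) return 0 ;;
        *) return 1 ;;
    esac
}

# One definition of the rule, so the insert and the delete always match.
rule_spec() {
    printf '%s' "FORWARD -s $1/32 -p tcp -m multiport --dports 80,443 -j ACCEPT"
}

# with_temp_egress <db-host-ip> <update command...>
# The body is a subshell, so the EXIT trap fires when the update command ends,
# whether it succeeded, failed, or was interrupted.
with_temp_egress() (
    host="$1"; shift
    if ! is_single_ipv4 "$host"; then
        echo "refusing: '$host' is not a single IPv4 address" >&2
        exit 2
    fi
    spec=$(rule_spec "$host")
    # $spec is left unquoted on purpose: it must split into separate arguments.
    $FW -I $spec || exit 3
    trap '$FW -D $spec || echo "WARNING: remove by hand: $spec" >&2' EXIT
    trap 'exit 130' INT TERM
    "$@"
    exit $?
)

# Hypothetical usage on the gateway (the update command is a placeholder):
#   with_temp_egress 10.0.2.15 ssh admin@10.0.2.15 'sudo apt-get -y upgrade'
```
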
