[cs615asa] A Question about how to update system software safely
dhupp
dhupp at stevens.edu
Mon Feb 9 00:33:09 EST 2015
From my experiences at various companies for co-op, many companies have
some sort of system in place for patch management. What would occur is
that they would select or load the patch(es) onto this system. As the
system is internal to the network it can connect to all the systems
inside and distribute the patches. For example, most companies provide
Windows machines for their employees to use. Now imagine the hundreds or
thousands of PCs in the company needing to install Windows updates.
Rather than take up precious space on their internet line with redundant
connections, they will have one system make the connection to Microsoft
for the Windows updates and then distribute it to all the Windows hosts
inside the network, taking what would have been hundreds or thousands of
connections and reducing it down to one. My first instinct would be to
check if such a system was available to me inside this enterprise
network and see if I could leverage that to accomplish my goal.
If the company did not have this system in place, one, I would recommend
that they look into such a system, as every host on the network, at one
time or another, will need to be updated and patched. Two, I would then
look into seeing if the patch can be downloaded into a file I can load onto
a CD or flash drive and then load it onto the database server. My
absolute last alternative would be to submit a request to create a
temporary firewall rule for this host to open the necessary ports just
long enough to download and install the update and then remove the
temporary rule.
-Daniel
On 02/08/2015 11:39 PM, hchen29 wrote:
> Hello everyone,
> Here I got a question from CS594 which had a relationship with system
> administration. This question was given by Randy Park from CS594. Now I
> would report his question here:
>
> "If we build an enterprise network with an application server and a
> database server. The database server is in a private subnet which
> doesn't allow the database server to be exposed to the public network.
> However, we need to update some software on the server. If we allow port
> 443 or 80 connection to the database, it will suffer from the breaches of
> SSL protocol. Or you just allow the two ports to update server and then
> remove these rules back and forth? What do other administrators do in
> a real enterprise network? "
>
> I think this is a good question. Anyone can share your ideas here.
>
> Hanxiong Chen
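
The last option in the reply above, a temporary firewall rule that is removed once the update finishes, written out as an added example that is not part of the original thread. It assumes a Linux host with iptables and a default-deny OUTPUT chain; the mirror address 192.0.2.10, the rule comment and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: a time-boxed egress rule for patching one host.
# Assumptions (not from the original thread): Linux with iptables, a
# default-deny OUTPUT chain, and a constructed mirror address 192.0.2.10.
# FW defaults to a dry run that only prints the commands; run as root with
# FW=iptables to apply them.
FW=${FW:-echo iptables}

# Build the match for one IPv4 destination and one TCP port, never "any".
rule_spec() {
    case $2 in
        ''|*[!0-9]*) echo "bad port: $2" >&2; return 1 ;;
    esac
    case $1 in
        ''|*[!0-9.]*) echo "bad destination: $1" >&2; return 1 ;;
    esac
    echo "-p tcp -d $1 --dport $2 -m comment --comment tmp-patch-window -j ACCEPT"
}

# patch_window DEST_IP PORT COMMAND [ARGS...]
# Runs in a subshell so the EXIT trap removes the rule however COMMAND ends
# (success, failure, or interruption), and COMMAND's status is passed back.
patch_window() (
    spec=$(rule_spec "$1" "$2") || exit 2
    shift 2
    $FW -I OUTPUT 1 $spec || exit 1
    trap '$FW -D OUTPUT $spec' EXIT
    trap 'exit 130' INT TERM
    "$@"
    exit $?
)

# Usage (as root): FW=iptables patch_window 192.0.2.10 443 yum -y update
```

The rule is limited to one destination and one port, so the database server never gets general outbound access on 80 or 443, and the trap removes it even when the update command fails.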