The Buck Stops Where?
Tim Mullen, 2002-04-15

Don't blame Microsoft. They gave you the patch; it's your responsibility to use it.

The Buck Stops Where? 2002-04-22
Anonymous
From your comments it is obvious that you are used to working in mom-and-pop shops and have never had the responsibility for securing a Fortune 50 (not 500, _50_) company's infrastructure.

The recommended course of action by the author is irresponsible and would drive a real company out of business due to clients' lawsuits. Case in point: my company is 70,000+ employees worldwide and we must do critical changes in the 2:00am to 4:00am window. When a department upgraded the IOS on a production Arrowpoint, things went goofy and the change was backed out. This was a change that was supposed to FIX known bugs. This change worked fine in the lab. But when we put it in the production environment, it was quite a different story.

Don't blame MS? Why not? They have tried to market their bad products as being stable and secure. "NT has level C2 security," they babble. They try to convince you that you can bet your business on their products. Real companies know better than to bet their business on MS/IIS. We depend on Unix and even old Vax and Tandem machines ... and mainframes.

Everybody uses ASP? Perhaps in his little bubble. Anyone who needs reliability does NOT use ASP.

Simply stated, you CANNOT dump patches into a production environment, at least if you want to stay in business. Heck, you can put a Gauntlet in front of the IIS server and proxy all the requests and filter bad urls at the Gauntlet level. You could put a Trend box off a PIX and filter that way. You must do that until you have time to test it in a QA environment. And even when you test in QA, you roll out NEW servers with the patches and put the "old" ones on standby, in case you have to back out the changes. When you lose millions of dollars a second due to downtime, "backing out" changes is not a viable option - you have to switch back immediately to the old environment. I wish I knew the name of anyone who would make a rapid deployment, and I would make sure they would never work for my company - you are a liability.

The author is suggesting an irresponsible course of action. Anyone who has a huge infrastructure knows to dismiss the "deploy" suggestion; it simply places liability on us, not on him.



Link to this comment: http://www.securityfocus.com/comments/columns/74/12043#12043
Copyright 2009, SecurityFocus