State and local facilities automate, too

To properly handle patch deployment, administrators need a system of checks and balances, said Dan Ruesch, information security manager for the South Dakota Air National Guard.

The organization began using Microsoft's Systems Management Server to send patches to the approximately 600 workstations at its air base. That approach worked fine, but administrators had no way of verifying that a patch had been correctly installed.

"We needed a real-time look at computers on the network," instead of sending employees to do it manually, Ruesch said.

For that real-time view, the Air National Guard brought in Shavlik's HFNetChkPro 4.0. "If [Systems Management Server] missed a machine, we can use Shavlik as a check-and-balance system," Ruesch said.

HFNetChkPro can be set to automatically scan a wide range of Microsoft platforms — including Windows NT, Windows XP, Windows Server, Exchange and Outlook — and update machines with the necessary security patches.

City officials in Sioux Falls, S.D., averted a major network infection from a laptop stricken with the Blaster worm because the city's network administrator had deployed the proper patch using St. Bernard Software's UpdateExpert patch management system.

UpdateExpert "was critical to keeping our network secure," said Monte Watembach, the city government's network administrator. "Even though we have [Microsoft's Systems Management Server], it was too cumbersome to use." With St. Bernard's software, "we actually had the Blaster patch on [desktop computers] before Blaster hit."

One feature UpdateExpert doesn't currently support, but that Watembach would like to see added, is a better way to track remote users who haven't logged on for months.

"When a [remote] user logs into my domain, I would like to deploy all the requisite updates," said Watembach, who is responsible for patching about 900 workstations and servers.

He said he tests patches by deploying them to a small number of users, usually in the IT department. To determine how well a patch will work, it must be tested on the machines on which people are actually doing their work, he added.

Several years ago, officials for the city of Boulder, Colo., didn't apply patches. But when they moved from Windows 98 to Windows NT, 2000 and XP, patch management became more critical, said Allyn McMullin, senior PC specialist with the city's information technology department.

"Vulnerabilities are cropping up more often," McMullin said. To cope with that reality, officials set up an internal server that downloads updates from Microsoft's patch server. IT staffers schedule patch deployments via LANDesk Software's Patch Manager, which is a component of the company's Management Suite.

When news began surfacing about the Blaster worm last summer, Boulder's IT staff used LANDesk's tools to see if all of the city government's desktop computers had the patch. Most of the 1,200 workstations had been patched, but 300 hadn't been. With LANDesk, the IT department was able to patch all of the systems in a matter of hours, McMullin said.

Because LANDesk's product is a suite of tools, IT employees can do more than just manage patches, McMullin said. They can also manage desktops remotely and perform other software upgrades.
