Patch Panel: How, Why, and When to Patch Systems

Matt Curtin will join other local experts in a panel at the February 6, 2003 meeting of the Security Working Group (SECWOG) at The Ohio State University.

Interhack's Matt Curtin will join other local experts in a panel at the February 6, 2003 meeting of the Security Working Group (SECWOG) at The Ohio State University.

The topic of discussion at this month's meeting will be patching -- why, how, and when. This is pretty timely, given our recent experiences with the SQL Slammer worm.

We'll start with a short presentation (by Steve Romig) that covers some of the issues -- the threat that we're facing, why you need to patch, and where patching fits into the retinue of security tools. We'll also talk about some of the challenges with keeping up with patches. Steve will demonstrate Windows Update, the Microsoft Baseline Security Analyser, hfnetchk (from shavlik.com) and the Redhat Alert Notification Tool and up2date.

However, that's just the beginning. We have assembled a great group of seasoned administrators (the, er, "Patch Panel"*) who will talk briefly about how they deal with patches in their different domains (Windows, Solaris, AIX, IRIX and Redhat) and who will answer any and all questions that you present to them.

The meeting will be Thursday, February 6 from 3-5 PM in Baker Systems 120 on the campus of the Ohio State University. The meeting is open to the public.

* You can thank Stu Collins for the incredibly bad pun :-)

About These Meetings

The Network Security Group meetings are usually held on the first Thursday of each month from 3-5 PM on the Ohio State University main campus in Columbus (usually in Baker Systems 120). The goal of our meetings is to share information about computer security tools, practices and problems. Anyone and everyone are invited to attend.

We also have mailing lists for people who are interested in discussing network security issues, or who just want announcements about meetings and security bulletins. Send mail to romig@net.ohio-state.edu for more information.

See http://www.net.ohio-state.edu/security for information about the services that we provide, future meetings, resources, contact information, directions, mailing lists, and so on.

About Interhack

Interhack is a leading provider of Information Assurance and Forensic Computing services. Based in Columbus, Ohio, and with clients all over North America, Interhack seeks to help make computer systems worthy of the trust they tend to get.