OS Patching policy

UnixGuyUnixGuy Mod Posts: 4,570 Mod
I'm trying to see how do you guys handle OS upgrades. I'm strictly talking about servers here, not laptops/desktops.




1) Do you schedule your OS (either Windows/Linux/Mac) updates to run periodically, say everyday?


2) For critical application, like a financial services databases, what's your policy on OS patching?


3) For Internet facing webservers, how often do you install OS updates?


4) For non critical servers, do you think it's a good idea to schedule OS updates to run automatically everyday?


Share your experience :)
Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

Learn GRC! GRC Mastery : https://grcmastery.com 

Comments

  • tprice5tprice5 Member Posts: 770
    1. I deploy updates to all servers and set the deadline out in 2030. This way, the system owner can choose when the server is restarted and all they have to do is log in and all the needed updates are already queued up, ready to be fired off.

    2. We don't have many critical servers/services that require high availability.

    3. Our sharepoint front ends are all clustered so as long as they aren't all rebooted at once it doesn't really matter.

    4. New updates are released once a month. Everyday seems unnecessary to me, though, I suppose it couldn't hurt assuming you don't have automatic reboots turned on.

    Now I just need to learn how to do everything I can do in SCCM with Puppet :)
    Certification To-Do: CEH [ ], CHFI [ ], NCSA [ ], E10-001 [ ], 70-413 [ ], 70-414 [ ]
    WGU MSISA
    Start Date: 10/01/2014 | Complete Date: ASAP
    All Courses: LOT2, LYT2 , UVC2, ORA1, VUT2, VLT2 , FNV2 , TFT2 , JIT2 , FMV2, FXT2 , LQT2
Sign In or Register to comment.