[Dshield] Microsoft ASN.1

john beck jbeck80 at hotmail.com
Fri Feb 13 18:41:51 GMT 2004

> > I realize that he who was installing the
> > system shouldn't have connected the machine to the network in the first
> > place before patching, ...
>How do you get around the catch-22 that you need to connect to the
>network to get the updates?
>Do you actually keep an up-to-date CD with all of the patches around for
>new installs?
>John Hardin  KA7OHZ

You can build an image(os+patches) and use it to deploy (mainly to multiple 
systems for best ROI)
And that you purchase a standard hardware config that is used throughout 
network.  That is the best way, otherwise you can build it on a segment that 
only connects to a SUS (system update server) and build that way, another 
high tech method is using a WMI on a VLAN that checks for services and 
configurations and does not allow traffic to that machine until all 
requirements are fulfilled 
(pathes-hotfixes-antivirus-anitmalware-blackbooks, just kidding I keep that 
to myself).
I like the hightech way, because you can quarentine laptops when they get 
back from traveling, until they are deemed safe by the WMI.  I love high 
tech, no not that way:)

Your welcome!
2¢ aka Nick Burns

>>Internal Systems Administrator/Guru               voice: (425) 672-1304
>Apropos Retail Management Systems, Inc.             fax: (425) 672-0192
>   Failure to plan ahead on someone else's part does not constitute an
>   emergency on my part.
>                                   - David W. Barts in a.s.r
>  17 days until ICQ Corp goes away - have you installed Jabber yet?
>list mailing list
>list at dshield.org
>To change your subscription options (or unsubscribe), see: 

Get some great ideas here for your sweetheart on Valentine's Day - and 
beyond. http://special.msn.com/network/celebrateromance.armx

More information about the list mailing list