[177786] in North American Network Operators' Group
Re: Checkpoint IPS
daemon@ATHENA.MIT.EDU (Roland Dobbins)
Thu Feb 5 13:14:01 2015
X-Original-To: nanog@nanog.org
From: "Roland Dobbins" <rdobbins@arbor.net>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Fri, 06 Feb 2015 01:11:24 +0700
In-Reply-To: <eedfd58c3e494b388f0c0a5d43120a15@pur-vm-exch13n1.ox.com>
Errors-To: nanog-bounces@nanog.org
On 6 Feb 2015, at 0:55, Matthew Huff wrote:
> What if you are a hosting company and those aren't your servers to
> patch?
Then it isn't the operator's problem.
> What about the time to patch 200+ servers versus configuring one
> location?
Operators should have sufficient automation to do this quickly. If not,
they're Doing It Wrong.
> What if you have to schedule the staff and maintenance window to patch
> the servers?
See above.
> What if you have legacy equipment that you must continue using, but
> the vendor is slow to provide the patch.
There are other ways (reverse proxies, on-box systems like ModSecurity,
et al.); or take them offline.
-----------------------------------
Roland Dobbins <rdobbins@arbor.net>