Do you patch servers that do not access the internet ?

Discussion in 'Server Security' started by Bob, Mar 10, 2009.

  1. Bob

    Bob Guest

    Hello all,

    For years I have been a robot and patching all systems - desktops and
    servers as MS releases them. I do test them first, then install via WSUS.

    I have been thinking more ---- I have quite a few servers that do not access
    the internet --- there are patches for the OS - Server 2000/2003, IE6/7, yet
    I'm questioning myself ---- why patch the server OS and IE on those servers
    if they don't access the internet. I would say definately all of my LAN
    desktops, and just the servers that access the internet --- Exchange, FTP,
    web server, the other servers, don't patch. All systems on the LAN do have
    antivirus/spyware installed, my Exchange server also have Mail security for
    SMTP installed.

    So ---- what are your feelings/what do you practice ---- just patch servers
    that access the internet ?

    Thanks,
    Bob
     
    Bob, Mar 10, 2009
    #1
    1. Advertisements

  2. Hello Bob,

    Definitely YES. All Virus etc. can also come with USB stick, disks etc.

    Best regards

    Meinolf Weber
     
    Meinolf Weber [MVP-DS], Mar 10, 2009
    #2
    1. Advertisements

  3. Bob

    Al Dunbar Guest

    And what happens if some of the individuals that might like to try to take
    advantage of the vulnerabilities being patched happen to work for your
    company?

    /Al
     
    Al Dunbar, Mar 10, 2009
    #3
  4. Bob

    Dave Warren Guest

    In message <eq6ul.14616$> moncho
    The key words being "if you know" -- Until you know, those well
    documented but unpatched vulnerabilities are like candy.
     
    Dave Warren, Mar 13, 2009
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.