December 18, 2018 at 9:11 pm
Comments posted to this topic are about the item Get Patched If Not Supported
December 19, 2018 at 4:28 am
I understand the need for all Internet-facing machines, let alone DB-servers, to be up to date with their patches. This is perfectly sensible.
I think I've asked this question before. What about machines and servers witin a domain behind firewalls with no access to the outside world? I especially have in mind machines whose OS is no longer supported but runs a crucial piece of hardware or software.
Is it too simplistic to think that this not a problem? To be sure, internal security and physical access are important. Can one say that a system does not need to be patched if it cannot be accessed from the Internet?
December 19, 2018 at 7:10 am
SQL Slammer hit a lot of stuff behind the firewall. All it took was one exposed MSDE machine inside the network and it sprawled across the SQL Servers within the network. I know SQL Slammer happened a long time ago but the principle still applies
December 19, 2018 at 7:20 am
David.Poole - Wednesday, December 19, 2018 7:10 AMSQL Slammer hit a lot of stuff behind the firewall. All it took was one exposed MSDE machine inside the network and it sprawled across the SQL Servers within the network. I know SQL Slammer happened a long time ago but the principle still applies
Fair enough. I don't claim to be a sysadmin and our sysadmins really don't like systems that have gone out of support.
I'm just wondering about the situation of the system that is no longer supported but still considered necessary.
December 19, 2018 at 1:43 pm
I'd say you want to be patched because you never know if malware or a misconfigured firewall will give access to a system. Especially these days where people take laptops in and out of local networks.
Viewing 5 posts - 1 through 4 (of 4 total)
You must be logged in to reply to this topic. Login to reply