New security manager eases patch delivery through firewalls
- By William Jackson
- Jun 30, 2004
The latest version of the Security Update Manager from Configuresoft Inc. uses Hypertext Transfer Protocol to distribute security patches across firewalls.
'It's certainly not rocket science,' said Randy Streu, vice president of product management for the Colorado Springs, Colo., company. 'People have been doing port-to-port communication for years.'
But the new feature lets managers distribute patches without reconfiguring firewalls or opening new ports.
The Hypertext Transfer Protocol is used by Web browsers to connect with Web servers. Most firewalls already are configured to let Hypertext Transfer Protocol traffic through.
'We chose to use (Hypertext Transfer Protocol) when we did the port-to-port capability because it was widely accepted,' Streu said.
SUM v2.5 is a module for Configuresoft's Enterprise Configuration Manager. It helps with the distribution phase of keeping computers updated with the latest patches that close security holes in software. Timely distribution of patches is a critical element in securing IT systems before new vulnerabilities can be exploited by malicious code.
Using Hypertext Transfer Protocol for distribution requires a software agent on the receiving machine. Using an agent gives administrators more flexibility in remotely managing networked devices, but it also adds a layer of complexity, Streu said.
'Any time you start using management tools, there are going to be trade-offs,' he said.
But the use of agents to enable port-to-port communications may be forced on administrators as firewalls are deployed farther down in the network.
'I believe that the future for all of us involves personal firewalls,' Streu said. This would make agentless control more difficult.
The next service pack release for Microsoft Windows XP will enable firewalls on the desktop by default. Because of the firewall and other security improvements, Streu said he believed adoption of SP2 will happen quickly, and there has been demand from large customers for a Hypertext Transfer Protocol patch distribution channel.
SUM v2.5 is available now, with prices starting at $25 per server and $5 per workstation. Pricing for ECM starts at $995 per server and $30 per workstation.
William Jackson is a Maryland-based freelance writer.