Re: [Fed-Talk] Remediating & Patching Macs
- Subject: Re: [Fed-Talk] Remediating & Patching Macs
- From: "Trater, James R." <email@hidden>
- Date: Thu, 31 Mar 2016 17:24:44 +0000
- Thread-topic: [Fed-Talk] Remediating & Patching Macs
If cost is a major consideration, I suggest looking at the combination of Munki + MunkiReport-PHP + AutoPKG + Reposado for doing software/patch management. These are software management tools - not full-on configuration management like Casper - but they work really well and the software itself is free.

I can go into more detail if you like, but these solutions let you control the distribution of OS and application updates (through branches) and the AutoPKG recipes can automatically download the latest application updates for popular software such as Adobe Flash, MS Office, Firefox, etc. We stage all of the updates on a dedicated Mac and then rsync them to a pair of load-balanced Linux servers that our clients point to. You can secure your distribution server (which is basically just a web server) with SSL and optional certificate or basic auth.

Jim
David,

Personally I find the Casper suite by JAMF to be the most robust solution. We use it at the National Defense University and I know that it is used elsewhere in DoD including OSD. In addition to patch management, it has the ability to apply policy (STIG settings) as well. We’ve been using it for many years and are extremely pleased with its capabilities.

There are some open source tools as well, and if you were really desperate SCCM is supposed to be able to do patching of Macs as well.

Carib
On Mar 31, 2016, at 11:16 AM, "Downin, David M CIV NSWCCD West Bethesda, 893" <email@hidden> wrote:

Although there is no mandate from NAVSEA or NSWC to ban Macs, it seems as if they are trying to get rid of them on base. General theme is Macs are dead through attrition. Can only replace a Mac if u provide a POAM & business plan that demonstrates how you plan to move your software off the Mac to a PC platform with the funding and timeline in place.

They complained that we were doing updates directly through Apple and not through DISA servers. Was afterwards able to give them the link for the STIG put out by DISA/NIST section 3.2 Software Updates that states Apple Computer is a DOD approved resource for updates.

They complained that we don't have an automatic process in place to push updates to the Macs. And it seems that a presentation was given that showed Macs are not as secure as Linux & Windows machines.

What I'm looking for is how other places remediate and patch their Macs. Is there a way to push the updates to Macs? Are there any good documented cases that show a fair comparison of how secure each platform is? I have a feeling someone saw the article that stated Macs aren't as secure because there were more CVEs issued to OS X than any other software and ran with it. Of course, that doesn't take into account the severity of each, time taken to patch, and probably a host of other data points I'm not thinking about.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to
email@hidden