Thursday, 19 March 2015

At what criteria should an unpatched machine be considered hacked?



Since every machine connected to the Internet requires security patches, there is a window of time in which those updates have been released and those machines haven't yet been patched.


It is common practice to assume that if you do the patch "quickly enough" you're safe. However, the longer this window is (2 months, 6 months, 1 year), the more the assumption may become "it's probably already been hacked".


This is a very subjective evaluation of a server's security that I'd like to put into a structure of some type.


Question


Assuming nothing out of the ordinary is occurring with the server, at what point should the server be considered compromised? (e.g. an IIS patch that went unpatched for N days)


How large should N be?


What other things should be considered?




