What if you are a hosting company and those aren't your servers to patch? What about the time to patch 200+ servers versus configuring one location? What if you have to schedule the staff and maintenance window to patch the servers? What if you have legacy equipment that you must continue using, but the vendor is slow to provide the patch. There is a huge difference in what is good network/security designs between content providers, transit networks, eyeball networks, corporate networks, universities, etc... One size doesn't fit all. ---- Matthew Huff | 1 Manhattanville Rd Director of Operations | Purchase, NY 10577 OTA Management LLC | Phone: 914-460-4039 aim: matthewbhuff | Fax: 914-694-5669 -----Original Message----- From: NANOG [mailto:nanog-bounces@nanog.org] On Behalf Of Roland Dobbins Sent: Thursday, February 5, 2015 12:48 PM To: nanog@nanog.org Subject: Re: Checkpoint IPS On 6 Feb 2015, at 0:38, Raymond Burkholder wrote:
There must some sort of value in that?
No - patch the servers. ----------------------------------- Roland Dobbins <rdobbins@arbor.net>