Skip to main content

Preventing a Vulnerable Network with Good Patch Management

Every admin knows the importance of good patch management, but not every admin knows the tips and tricks that make for a great patch management strategy. There is so much more to patching than just running Windows Updates, and in this article we’ll share with you the nine tips for great patch management to prevent your network from having vulnerabilities.

1. Stay informed

You can’t fix it if you don’t know it’s broken, so staying informed is the right place to start. Subscribe to the security and patch bulletins from your operating system vendors and your critical application vendors. You really want to consider subscribing to a third party alert like the ones offered by SANS, Bugtraq, or others so you are aware of vulnerabilities even when there aren’t patches yet, and also to cover the smaller but no less important applications that are on your network.

2. Test your patches

I’d rather deploy an untested patch than not patch at all, but I’d really prefer to test all patches first. Whether you use a full-fledged QA environment, your DR/BCP (Disaster Recovery/ Business Continuity Plan) infrastructure, a scaled down lab running on virtualization, or just a subset of your workstations and servers, test all patches before you deploy them across the board. You want to fix problems, not
introduce new ones, and you never know when one vendor’s patch might conflict with another vendor’s app.

3. Have a regular maintenance window

Patching is critical and should not take a backseat to other activities unless absolutely necessary. By establishing and sticking to a regular monthly maintenance window, the rest of the business can plan around patching so you won’t have to worry about a business impact when patching is required. Just reserve the right to deploy emergency security patches outside that window in case a zero-day exploit is
in the wild.

4. Patch applications

This is where using a good patch management application becomes absolutely essential. Keeping up with all the third party applications installed on your servers and workstations will make manually patching those impossible, and there are new exploits for PDF readers and Flash players almost every month. Those are probably on every workstation you have, but are just the tip of the iceberg. You
probably have every admin’s favorite text editor installed on half your servers, protocol analyzers and compression tools…just because users don’t log onto it doesn’t mean you don’t have to worry about applications installed on a server.

5. Have a rollback plan

Even the best testing plan cannot cover every possible scenario and conceivable combination of other apps, specific configuration settings, and other variables, so make sure you have a way to roll back any patches you do deploy. Again, a patch management application can be a real lifesaver here by being able to install as easily as it installs any updates.

6. Use management-supported policy to ensure compliance

Patching shouldn’t be optional. Senior management must support and promote patching as an expected and required part of network management, and make it clear to all admins that it is not an optional activity.

7. Use logging and reporting to confirm compliance

Patch management applications log all their activities and can generate reports on a schedule or on demand to report on the status of the systems on your network. Use these reports to provide information to management, and also to verify that all systems on your network are up-to-date and in compliance with your patching policy.

8. Investigate discrepancies

If a report indicates that a system missed a patch, investigate it. Determine why the patch failed, and either resolve that issue, or manually apply the patch as appropriate. A good patch management application can do the heavy lifting for you, but it doesn’t mean you don’t have to do anything at all. Go a step further by spot checking systems with a vulnerability scanner to make sure you aren’t missing
anything.

Use these nine tips to help ensure you have the best, most effective patching solution which requires minimal effort from your IT admin.

Guest Post by Casper Manes

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the right patch management solution.

All product and company names herein may be trademarks of their respective owners.

To know more about guest post rules in this blog please follow the link below.

Comments

Popular posts from this blog

List Of Common Flowers in Kerala With Pictures

Kerala is one of the famous tourist spot situated on the south of India famous for its numerous wild life and thick vegetation. Like the Himalayan ranges on the north of India,

5 Common Examples Of Website Design Mistakes by Business Owners

This is a guest post by Sachin about five Common Examples Of Website Design Mistakes by Business Owners . When most business owners think about website design, they think about a brochure online. Online shopping sites are making a lot of money with the use of web-based applications to sell products, collect payments an arrange delivery. The only work left to do is pack and send the boxes. Smart applications can even print out the labels, so the only thing left to do it stick them on the box. Unfortunately, in many cases, websites are replacing people. For those of us left with a job, we can be thankful that many business owners make the following mistakes when it comes to websites and web design.


Don’t have one. This is the first and biggest problem of most business owners when it comes to website design. They think they don’t need one. Who can ever really do with less business? The reason why they have not been getting business from online sources in the past is because they have not …