Skip to main content

Preventing a Vulnerable Network with Good Patch Management

Every admin knows the importance of good patch management, but not every admin knows the tips and tricks that make for a great patch management strategy. There is so much more to patching than just running Windows Updates, and in this article we’ll share with you the nine tips for great patch management to prevent your network from having vulnerabilities.

1. Stay informed

You can’t fix it if you don’t know it’s broken, so staying informed is the right place to start. Subscribe to the security and patch bulletins from your operating system vendors and your critical application vendors. You really want to consider subscribing to a third party alert like the ones offered by SANS, Bugtraq, or others so you are aware of vulnerabilities even when there aren’t patches yet, and also to cover the smaller but no less important applications that are on your network.

2. Test your patches

I’d rather deploy an untested patch than not patch at all, but I’d really prefer to test all patches first. Whether you use a full-fledged QA environment, your DR/BCP (Disaster Recovery/ Business Continuity Plan) infrastructure, a scaled down lab running on virtualization, or just a subset of your workstations and servers, test all patches before you deploy them across the board. You want to fix problems, not
introduce new ones, and you never know when one vendor’s patch might conflict with another vendor’s app.

3. Have a regular maintenance window

Patching is critical and should not take a backseat to other activities unless absolutely necessary. By establishing and sticking to a regular monthly maintenance window, the rest of the business can plan around patching so you won’t have to worry about a business impact when patching is required. Just reserve the right to deploy emergency security patches outside that window in case a zero-day exploit is
in the wild.

4. Patch applications

This is where using a good patch management application becomes absolutely essential. Keeping up with all the third party applications installed on your servers and workstations will make manually patching those impossible, and there are new exploits for PDF readers and Flash players almost every month. Those are probably on every workstation you have, but are just the tip of the iceberg. You
probably have every admin’s favorite text editor installed on half your servers, protocol analyzers and compression tools…just because users don’t log onto it doesn’t mean you don’t have to worry about applications installed on a server.

5. Have a rollback plan

Even the best testing plan cannot cover every possible scenario and conceivable combination of other apps, specific configuration settings, and other variables, so make sure you have a way to roll back any patches you do deploy. Again, a patch management application can be a real lifesaver here by being able to install as easily as it installs any updates.

6. Use management-supported policy to ensure compliance

Patching shouldn’t be optional. Senior management must support and promote patching as an expected and required part of network management, and make it clear to all admins that it is not an optional activity.

7. Use logging and reporting to confirm compliance

Patch management applications log all their activities and can generate reports on a schedule or on demand to report on the status of the systems on your network. Use these reports to provide information to management, and also to verify that all systems on your network are up-to-date and in compliance with your patching policy.

8. Investigate discrepancies

If a report indicates that a system missed a patch, investigate it. Determine why the patch failed, and either resolve that issue, or manually apply the patch as appropriate. A good patch management application can do the heavy lifting for you, but it doesn’t mean you don’t have to do anything at all. Go a step further by spot checking systems with a vulnerability scanner to make sure you aren’t missing
anything.

Use these nine tips to help ensure you have the best, most effective patching solution which requires minimal effort from your IT admin.

Guest Post by Casper Manes

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the right patch management solution.

All product and company names herein may be trademarks of their respective owners.

To know more about guest post rules in this blog please follow the link below.

Comments

Popular posts from this blog

List Of Common Flowers in Kerala With Pictures

Kerala is one of the famous tourist spot situated on the south of India famous for its numerous wild life and thick vegetation. Like the Himalayan ranges on the north of India,

AMOLED display coming to Samsung Galaxy Tab range

This is a guest post by Erica about the arrival of AMOLED display to Samsung Galaxy Tab range.Samsung could be transplanting a seven inch AMOLED screen into an upcoming addition to its Galaxy Tab range of tablet computers.

You may have experienced an AMOLED display in a small portable device before as Samsung, Nokia and HTC have all used them in smartphones to date. However, the expense of producing AMOLED screens has prohibited them from appearing on larger devices like tablets, until now.


The seven inch Galaxy Tab was launched last year but an update with an AMOLED screen would be most welcome, cutting energy consumption and improving colours and contrast ratios across the board.


The rumours about this device state that it will run Android 3.0, feature a three megapixel camera on the rear, a two megapixel snapper on the front and have a display resolution of 1024x600 which is not bad for a device of this size.


The hardware powering the new Galaxy Tab will consist of a 1.2GHz processor w…

Building Blocks for Virtual Businesses : Key technological systems you must have to succeed in the remote business world

This is a guest post by Ripley Daniels about "Key technological systems you must have to succeed in the remote business world.

Whenever I tell friends I had a tough day at the office, they laugh at me. That's because they know I don't really have an office. I work very hard but I work for a company that is completely remote. Only a few of my co-workers ever go into an office at all and when they do, it's only for short periods of time. Our "office" is a virtual one. To us, the traditional office workplace is a thing of the past, alongside Tyrannosaurus Rex, the slide rule, and telephones where you stick your finger in a hole and turn a dial.
Unfortunately, none of this prevents me from having tough days. I still have them. But the reasons have nothing to do with the fact that my co-workers and I don't have a brick and mortar edifice that we can use to plan, strategize, hold our meetings, make presentations, discuss sensitive business topics, build relatio…

5 Common Examples Of Website Design Mistakes by Business Owners

This is a guest post by Sachin about five Common Examples Of Website Design Mistakes by Business Owners . When most business owners think about website design, they think about a brochure online. Online shopping sites are making a lot of money with the use of web-based applications to sell products, collect payments an arrange delivery. The only work left to do is pack and send the boxes. Smart applications can even print out the labels, so the only thing left to do it stick them on the box. Unfortunately, in many cases, websites are replacing people. For those of us left with a job, we can be thankful that many business owners make the following mistakes when it comes to websites and web design.


Don’t have one. This is the first and biggest problem of most business owners when it comes to website design. They think they don’t need one. Who can ever really do with less business? The reason why they have not been getting business from online sources in the past is because they have not …

Twitter and Free Speech

It is a post from Jessica Wagner about Twitter and free speech. When the Internet first started taking prominence in the 1990's, a new vehicle for free speech was built. Starting in the 1980's, billion dollar multi-media companies had started accumulating large papers, television networks, and radio stations. Many people worried that big business would conglomerate and eliminate the free speech which the United States was built on. Because of the amalgamation of media, it became harder for individuals to get their voices heard through the use of mass media.

Creating a website, blog, or posting on a comment forum is now the standard by which to get your voice heard in American. With the super-advanced speed at which social media has entered our lives, it is easier than ever to take information, a thought, or an opinion and spread it throughout the entire country or world.

Recently, there has been a lot of controversy over the use of Twitter and the rights of free speech as they…

Why Lapel Pins are a Great Marketing Technique for Your Small Business

When you run a business on a small scale, you need to use aggressive but creative marketing techniques to attract the attention of potential customers. When your business is small, you need to understand that there are several mammoth companies that could act as a barrier between you and your potential customers. At such a time, using effective marketing techniques plays a very important role.