Skip to main content

Preventing a Vulnerable Network with Good Patch Management

Every admin knows the importance of good patch management, but not every admin knows the tips and tricks that make for a great patch management strategy. There is so much more to patching than just running Windows Updates, and in this article we’ll share with you the nine tips for great patch management to prevent your network from having vulnerabilities.

1. Stay informed

You can’t fix it if you don’t know it’s broken, so staying informed is the right place to start. Subscribe to the security and patch bulletins from your operating system vendors and your critical application vendors. You really want to consider subscribing to a third party alert like the ones offered by SANS, Bugtraq, or others so you are aware of vulnerabilities even when there aren’t patches yet, and also to cover the smaller but no less important applications that are on your network.

2. Test your patches

I’d rather deploy an untested patch than not patch at all, but I’d really prefer to test all patches first. Whether you use a full-fledged QA environment, your DR/BCP (Disaster Recovery/ Business Continuity Plan) infrastructure, a scaled down lab running on virtualization, or just a subset of your workstations and servers, test all patches before you deploy them across the board. You want to fix problems, not
introduce new ones, and you never know when one vendor’s patch might conflict with another vendor’s app.

3. Have a regular maintenance window

Patching is critical and should not take a backseat to other activities unless absolutely necessary. By establishing and sticking to a regular monthly maintenance window, the rest of the business can plan around patching so you won’t have to worry about a business impact when patching is required. Just reserve the right to deploy emergency security patches outside that window in case a zero-day exploit is
in the wild.

4. Patch applications

This is where using a good patch management application becomes absolutely essential. Keeping up with all the third party applications installed on your servers and workstations will make manually patching those impossible, and there are new exploits for PDF readers and Flash players almost every month. Those are probably on every workstation you have, but are just the tip of the iceberg. You
probably have every admin’s favorite text editor installed on half your servers, protocol analyzers and compression tools…just because users don’t log onto it doesn’t mean you don’t have to worry about applications installed on a server.

5. Have a rollback plan

Even the best testing plan cannot cover every possible scenario and conceivable combination of other apps, specific configuration settings, and other variables, so make sure you have a way to roll back any patches you do deploy. Again, a patch management application can be a real lifesaver here by being able to install as easily as it installs any updates.

6. Use management-supported policy to ensure compliance

Patching shouldn’t be optional. Senior management must support and promote patching as an expected and required part of network management, and make it clear to all admins that it is not an optional activity.

7. Use logging and reporting to confirm compliance

Patch management applications log all their activities and can generate reports on a schedule or on demand to report on the status of the systems on your network. Use these reports to provide information to management, and also to verify that all systems on your network are up-to-date and in compliance with your patching policy.

8. Investigate discrepancies

If a report indicates that a system missed a patch, investigate it. Determine why the patch failed, and either resolve that issue, or manually apply the patch as appropriate. A good patch management application can do the heavy lifting for you, but it doesn’t mean you don’t have to do anything at all. Go a step further by spot checking systems with a vulnerability scanner to make sure you aren’t missing
anything.

Use these nine tips to help ensure you have the best, most effective patching solution which requires minimal effort from your IT admin.

Guest Post by Casper Manes

This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about the right patch management solution.

All product and company names herein may be trademarks of their respective owners.

To know more about guest post rules in this blog please follow the link below.

Comments

Popular posts from this blog

List Of Common Flowers in Kerala With Pictures

Kerala is one of the famous tourist spot situated on the south of India famous for its numerous wild life and thick vegetation. Like the Himalayan ranges on the north of India,

Building Blocks for Virtual Businesses : Key technological systems you must have to succeed in the remote business world

This is a guest post by Ripley Daniels about "Key technological systems you must have to succeed in the remote business world.

Whenever I tell friends I had a tough day at the office, they laugh at me. That's because they know I don't really have an office. I work very hard but I work for a company that is completely remote. Only a few of my co-workers ever go into an office at all and when they do, it's only for short periods of time. Our "office" is a virtual one. To us, the traditional office workplace is a thing of the past, alongside Tyrannosaurus Rex, the slide rule, and telephones where you stick your finger in a hole and turn a dial.
Unfortunately, none of this prevents me from having tough days. I still have them. But the reasons have nothing to do with the fact that my co-workers and I don't have a brick and mortar edifice that we can use to plan, strategize, hold our meetings, make presentations, discuss sensitive business topics, build relatio…

Home Buying Tips For Women In Real Estate Business

Although real estate has been a booming sector for some time in our country, still it has largely been a male bastion. Usually it’s the male of the house, whether its father or brothers, who make financial decisions and that includes a decision to buy a house.

About Web Offset Printing and Its Advantages

The sheer lion's share of business printing for inventories, magazines or books is on an offset printing press. There are numerous motivations to use web offset printing versus sheet encouraged and here are some for your thought as the advantages are numerous: