This requires a lot of management. The first thing for anyone looking to manage their systems is to baseline what they have on their network. Too often people only focus on their Windows systems. But it is not just Microsoft that suffer from vulnerabilities – think how many patches (including security patches) other vendors like Cisco release over the course of the year, and Apache is still the most popular web server on the Internet (nearly 70% according to Netcraft’s December 2003 Survey). This baseline needs to include all pertinent information – what hardware and what software is loaded. It is important to know that you will not try and patch a Windows NT system with a Windows 2003 patch. You need to establish a minimum patch level for all the systems on your network. This minimum will be based upon the O/S being run – and software running on top of it. Not all patches released by a vendor will be relevant to everyone. Therefore the baseline will be different for different people.
Before rushing out and patching every system, when a new patch is released, a Network Manager must understand the patch and what it is doing (it may not be relevant to you). It also needs to be tested on a test network running the business applications prior to be rolled out. The roll out of a patch could compromise your business if it breaks the business software and stops everyone from working. It would not be the first time…
All patch management needs a full audit trail, which must include whether an installation has been successful. How many times have people been caught out when they thought they had updated software only to find the install did not complete.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.