Archive for June, 2010

The stricter the patch management policy, the better

What is your patch management policy? If you do not know, then please read on. Every business should have an official patch management policy in place, regardless of the number of computers being operated. Whether it is two or two hundred, your corporate intellectual property is just as valuable to you and the risk of letting your data become damaged or pirated certainly justifies the existence of an enforced patch management policy that requires all computers connected to your network to be updated to the latest security patches available. This means requiring either a policy in your group policies that locks users from overriding an update or by requiring users not to interfere with the update process. Users that disobey the patch management policy should be disciplined based on the policies and procedures in practice at your business.

This strict patch management policy should also include forbidding outside computers from connecting directly to your local area network if they are not at the latest security patch level for their operating system. A computer that exists outside the control of your patch management policy could be outdated and infected and act as a gateway for an intrusion to your systems. Your patch management policy should be broad enough to include those outside systems.

You should also perform regular audits through a network scanner of some sort, the choice being yours, to verify the compliance of the various systems in use on your network. Reports can be run by many auditing programs so that you can be sure that the patch management policy is working as you expect and that the computers under your control have been properly updated. Even with the best of intentions and a solid patch management policy, failures and file corruption can, at times, prevent a machine from being patched as expected. Keeping diligent about the enforcement of your patch management policy will go a long way towards heightening your system security.

You should use a good patch management policy

By using a good patch management policy, you can make sure that your network security is well maintained. A patch management policy program regularly checks for holes in your network’s security, and if there is a known fix for such a hole, it downloads and applies that fix so that your network becomes more secure against attacks; after all, it is a well known fact that there are people there who sometimes try to do harm to networks such as yours, whether as vandals, or as thieves that want to steal your data. To protect yourself against people such as these, you really should think about implementing a good patch management policy. To find out more about a professional in your area with whom you can consult about getting going with your new patch management policy, just take a look around on the world wide web and see who you can find! All you have to do is get on your home computer, sign on line, head to your favorite web browser app, go to a search engine site that you prefer, and punch in some search terms that apply to your situation, like “best patch management policy for a new educational institution web site”, “best local patch management policy consultant”, or whatever else you can think of that is going to return the results that are right for you. You will probably get a lot of results back (and pretty quickly, at that), so you should be able to find a few consultants or businesses in the area that are able to help you, so, at that point, you should pick two or three of them that look the best, and set up some appointments for consultations. After you get to know a few of the professionals from which you can choose, you will most likely be able to pick a preferred one and get started with your new patch management policy!

Do not risk your job over bad security patch management

When I started with my current employer three years ago, we deployed new systems with a virus scanner installed and the automatic updates set to run without user intervention. We figured that the machines would just update themselves as configured, and that would adequately provide the level of security patch management that was expected of us. Then, a virus broke out that was downloaded from several legitimate web sites as people visited them. It took advantage of a weakness in code of internet information services. The same virus then used any machines that were active on the same local area network to propagate. To my surprise, our security patch management plan had not worked as expected, because machines that should have had the patches in place to prevent this virus from spreading were not present on a large percentage of machines.

Upon examination of our security patch management scheme by upper management, we were asked to identify what went wrong. Apparently, our firewall was not allowing successful communication to the external update site. Suffice it to say, our security patch management plan was a total failure, and our department did not look good as a result. We have since built an internal update server, which does have access to security patch management updates and can download them for internal distribution. Our security patch management policy now states that all machines must report to our internal server and be patched weekly.

Thanks to the reporting features of the security patch management software we use, we can now verify that the connected clients are being updated as expected. Those same security patch management reports can be presented to upper management, which we now do on a monthly basis so they can keep better track of security to prevent an outbreak from ever happening again. Although always a possibility, we are now far less susceptible to outbreaks and hopefully an outbreak like we had will never be repeated.

The LBC!

Hey Long Beach, welcome to our web site. We bring you news, weather, financial info and other interesting articles about Long Beach, all of California and beyond.

Post Calendar

June 2010
« May   Jul »