Archive for April, 2011

Solidify your security patch management policy

Companies that do not effect any form of security patch management place themselves at risk every single day that any of the computers on their network are behind current patch levels. Unpatched computers are ticking time bombs, luck the only thing keeping them truly safe. Chances are there are already problems with the computers that are behind on their patches that have gone unnoticed, leaving these systems a risk for use. A computer without the latest security patches can be exploited by a number of viruses or worms, and even certain web sites might carry malicious code that takes advantage of security holes on a computer that has not bee updated by a security patch management process.

The concept of a security patch management is not based only on how patches are installed, but rather on the requirement that they be patched. The security patch management should be in writing and a legal policy within any corporate network. Alongside other security management bits and pieces, like virus scanners, the security patch management should be a requirement to follow. Users should clearly instructed that they are to do everything within their power to ensure that patches are installed by whatever means your security patch management utilizes. Often, the security patch management is enforced by software policies driven by the primary servers the end user machines log into.

These security patch management policies either restrict the ability of an end user to interfere with patch updates or their configuration settings, or push the patches to the computers completely from within an internal source for of the updates. This security patch management process caches updates as provided by the software manufacturer on in internal server, then deploys them to workstations by a push process that cannot be avoided or aborted. This is probably the most certain method of deploying updated software.

What is a patch and what does it mean to you?

What is a patch and what does it mean to you? It does not matter if you are a home computer user or you are running your computer at work, a patch performs the same function. A patch is a fix for something that was not designed properly during the production of the software you use, or it is a fix for an aspect of the software that allows unintentional access to outside parties. Patch development is done when enough incidents involving a particular code flaw are reported in sufficient quantity to grab the attention of the software manufacturer. They analyze the problem, identify the cause and decide if it warrants the construction of a patch that will rewrite the code of the program, usually the operating system of a computer, to repair the flaw or close the hole.

The way a patch is disbursed to all computers that are affected by the update varies. If you are using your home computer and you have your options set to the default, your computer will likely download the patch and notify you once it is ready to install it. You can then choose to either select or deselect the patch for installation. Once complete, you usually have to restart your computer for the new software to take effect. In the business world, the process is usually handled differently. As a patch is a critical piece of the security process in a corporate situation, the patches are generally enforced by a policy and pushed down to the computers without offering the system users the chance to decline the installation. It may still prompt the user to reboot, versus forcing it to happen, so that the user can save open documents prior to the system restarting. Regardless of how they get onto your computer, a patches are critically important to keeping your computer safe for use.

Do not let your patch management process fall behind

A careful patch management process should be the goal for every IT manager who wants certainty and accountability for the dispersal of security updates across all computers and servers on their network. Leaving the patch management process up to the automatic updates that take place based on manual settings in the operating system is at best a risk in a corporate setup, leaving too much room for risk and creating the possibility that some computers will not receive updates. The automatic patch management process can be overridden by the end user, and even in instances where group policies are in place that restrict those settings and prevent their modification, there is no record available as to whether or not the patches were successfully installed onto the computer.

There are various reasons that patch installation can fail. Sometimes, it is only an individual patch that has a problem on one computer and others install as expected. Without a patch management process that includes the ability to centralize deployments and more importantly maintain logs of the patches that are applied to individual machines. This is where accountability aspect comes into play; a patch management process that is run from a centralized patch solution will flag failed updates and can even notify you when a failure takes place. Not necessarily an emergency, but a service request can be created to eventually dispatch a help desk technician to diagnose the problem with the update installation.

This attention to the patch management process will result in a cleaner body of computers and tighter all around security. Computers without current patches are a security risk and are not acceptable on a corporate network. In keeping with most security policies, a comprehensive and tightly adhered to patch management process will provide a safe and secure computing experience.

The LBC!

Hey Long Beach, welcome to our web site. We bring you news, weather, financial info and other interesting articles about Long Beach, all of California and beyond.

Post Calendar

April 2011
« Mar   May »