Importance of patch management
As operating systems, applications and utility tools continue to manifest exploitable flaws, rapid application of security patches becomes critical to security. Attackers can reverse engineer patches and develop exploits for the vulnerability made public when the patch is released. Most organizations do not perform the patching task well enough to minimize the window of vulnerability. They often do not have adequate inventory records and miss patching some systems. They often do not have formalized procedures for testing and deploying patches promptly.
Patch management is a complex process, and I can't describe all the variables here. But I can distill the process into six steps:
Develop an up-to-date inventory of all production systems, including OS types (and versions), IP addresses, physical location, custodian and function. Commercial tools ranging from general network scanners to automated discovery products can expedite the process (see Resources, below). You should inventory your network periodically.
Devise a plan for standardizing production systems to the same version of OS and application software. The smaller the number of versions you have running, the easier your job will be later.
Make a list of all the security controls you have in place--routers, firewalls, IDSes, AV, etc.--as well as their configurations. Don't forget to include system hardening or nonstandard configurations in your list of controls. This list will help you decide how to respond to a vulnerability alert (if at all). For example, let's say you learn that OpenSSH has a vulnerability that may allow a buffer-overflow attack, but from your list of controls you know you don't allow the SecSH protocol through your firewall. If nothing else, that knowledge gives you more time to react.
Compare reported vulnerabilities against your inventory/control list. There are two key components to this. First, you need a reliable system for collecting vulnerability alerts. And second, you need to separate the vulnerabilities that affect your systems from those that don't. Some companies have staff dedicated to managing this process; others use vulnerability reporting services.
Classify the risk. Assess the vulnerability and likelihood of an attack in your environment. Perhaps some of your servers are vulnerable, but none of them is mission-critical. Perhaps your firewall already blocks the service exploited by the vulnerability. In general, to classify and prioritize the risk, consider three factors: the severity of the threat (the likelihood of it impacting your environment, given its global distribution and your inventory/control list); the level of vulnerability (e.g., is the affected system inside or outside perimeter firewalls?); and the cost of mitigation and/or recovery.
Apply the patch! OK, so now you have an updated inventory of systems, a list of controls, a system for collecting and analyzing vulnerability alerts and a risk classification system. You've determined which patches you need to install. Now comes the hard part: deploying them without disrupting uptime or production. Fear not, there are several tools that can help you with the actual patch process (see Resources, below). Evaluate these tools in terms of how well they fit your environment and budget.
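The comparison and classification steps above can be sketched in a few lines, using the OpenSSH/firewall case from the text. This is an added example, not code from the original page: the host names, versions, alert and scoring weights are constructed assumptions, and the cost-of-mitigation factor is not modelled.

```python
from dataclasses import dataclass

@dataclass
class Host:                      # one row of the system inventory
    name: str
    software: dict               # product -> installed version
    outside_perimeter: bool      # True if not behind the perimeter firewall
    mission_critical: bool

@dataclass
class Alert:                     # one vulnerability alert
    product: str
    affected_versions: set
    service: str                 # network service needed to reach the flaw
    severity: int                # 1 (low) to 5 (high), as rated by the alert source

# Constructed sample data: hypothetical hosts, versions and alert.
INVENTORY = [
    Host("web01",   {"openssh": "3.4"}, True,  True),
    Host("db01",    {"openssh": "3.4"}, False, True),
    Host("build01", {"openssh": "3.6"}, False, False),
    Host("test02",  {"openssh": "3.4"}, False, False),
]
FIREWALL_BLOCKED = {"ssh"}       # control list: services dropped at the perimeter
OPENSSH_ALERT = Alert("openssh", {"3.4"}, "ssh", 4)

def triage(alert, inventory, blocked_services):
    """Return (host, score, note) tuples, highest patch priority first."""
    rows = []
    for host in inventory:
        # Compare: drop hosts the alert does not apply to.
        if host.software.get(alert.product) not in alert.affected_versions:
            continue
        # Classify: an existing control reduces exposure but does not remove the flaw.
        shielded = (not host.outside_perimeter
                    and alert.service in blocked_services)
        score = alert.severity
        score += 0 if shielded else 3          # assumed weight: reachable from outside
        score += 2 if host.mission_critical else 0   # assumed weight: business impact
        note = "firewall blocks service, more time to react" if shielded else "exposed"
        rows.append((host.name, score, note))
    return sorted(rows, key=lambda r: -r[1])

if __name__ == "__main__":
    for name, score, note in triage(OPENSSH_ALERT, INVENTORY, FIREWALL_BLOCKED):
        print(f"{name:8} priority={score} ({note})")
```

Shielded hosts stay on the list with a lower score: the firewall rule buys time, but the patch is still owed.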
Patches are additional pieces of code developed to address problems (commonly called 'bugs') in software. Patches often address security flaws within a program or can enable additional functionality. Vulnerabilities are flaws that can be exploited by a malicious entity to gain greater access or privileges than it is authorized to have on a computer system. Not all vulnerabilities have related patches.
Thus, system administrators must not only be aware of applicable vulnerabilities and available patches, but also other methods of remediation (e.g., device or network configuration changes, employee training) that limit the exposure of systems to vulnerabilities.
This document provides guidance on creating a security patch and vulnerability management program and testing the effectiveness of that program. The primary audience is security managers who are responsible for designing and implementing the program. However, this document also contains information useful to system administrators and operations personnel who are responsible for applying patches and deploying solutions (i.e., information related to testing patches and enterprise patching software).
© 2016 Mozire Technologies. All rights reserved. No part of this site may be reproduced without our written permission.