Patch mgmt. and updates

This is part two of a three part series looking at the various areas we need to be concerned about in protecting our networks. Last issue we talked about strengthening the borders. Today our subject is maintaining the infrastructure, or patch management, security updates and downloads.

We just can’t seem to get away from the using houses as an analogy for networks, but just as you need to continually do maintenance on your house lest it some day fall down around your ankles, so too do you need to do constant maintenance on your network to ensure that not only is it working properly but also that any potential threats are kept at bay.

Homeowners know that once you see termites it may be too late to prevent an infestation. Forward thinking dwellers of wooden abodes get annual inspections as well as periodic treatments to be sure that the nasty little buggers don’t take up residence. You should do the same with the “nasty little bugs” that can inhabit your networking software. But just as you have to take precautions when the exterminators are spraying (to protect children and pets, for example) so too do you need to take precautions when applying updates and patches to your network. A small test facility can go a long way towards preventing “cure is worse than the disease” results when new patches are released.

It might seem trite, but it’s true that only the patches that are actually installed can do any good. It’s not easy managing a patching strategy, especially when it’s the desktop systems (rather than just the servers) that are involved. There are ways to automate the process, though, which can be a major boon to those looking to keep their networks well maintained. Microsoft’s Systems Management Server and the Software Update Service can be very useful in this regard.

Microsoft’s patch management, security updates and downloads page (https://www.microsoft.com/technet/security/topics/patch/) contains links to papers on these topics as well as more tips and suggestions.

But for those of you still skeptical about patches, those who live by the mantra “if it ain’t broke don’t fix it,” there’s one more bit of reading I’ll suggest. “Improving Patch Management” (https://www.microsoft.com/security/whitepapers/patch_management.asp) talks about Microsoft’s new strategies based on feedback from hundreds of customers to make the entire process of managing systems and patches as error-free as possible while mitigating the amount of time needed.

Microsoft is working “…in four key focus areas to better inform customers, deliver usable tools, standardize the behavior of patches and improve their overall quality,” according to the paper. Read it, understand it then adapt it to your circumstances.

Come back next time when we look at “disease prevention,” or dealing with viruses.