Patch Management



Patch management often presents conflicting demands on IT organizations charged with ensuring system security while optimizing system reliability and integrity. Because the time between discovering a system vulnerability and the emergence of an attack is declining, IT organizations are under pressure to apply patches before adequate testing, and without system downtime. A sound patch management strategy is a critical part of any secure enterprise.

Baseline the Environment:

Developing any patch management plan begins with a firm understanding of the current enterprise. Data must be gathered on the configuration of every server, workstation, and network component in the system. Such data is necessary when evaluating the risk and therefore the necessity of particular patches.

This baselining may be performed as part of a larger configuration management and risk assessment effort. Although data may be gathered manually, automated tools exist which will do the same work while also keeping the data current. Vulnerability scans can be used to discover services that should be removed or disabled.

Once data is gathered, machines should be brought to the same benchmark security risk level. For servers, an assessment must also be made of their criticality to the enterprise. Change control documents and procedures should be developed, particularly if server hardware and operating system maintenance is performed by one group while software application maintenance is performed by another.

Identify, Evaluate, and Plan:

Keeping current with system updates and patches can be overwhelming. Not only are there often many of them, but decisions must be made quickly about which are critical, which are merely useful, and which are unnecessary or even potentially harmful.

Automated tools can make the identification and evaluation stage easier by monitoring the current patch status of the server or workstation (or scanning it on demand) and comparing the status with the ideal configuration for the system, producing recommendations for patch installation.

Perform Test Deployment:

Before deploying patches to the wider enterprise, deployment should be conducted in a test environment that mirrors the production environment. At a minimum, the environment should represent all critical applications, and ideally, all enterprise platforms. If replication of the production hardware is not possible, at least patch compatibility with operating systems and applications should be tested. Test deployment should begin with the least critical servers.

Deploy and Report:

New tools for patch distribution can greatly simplify deployment. Tools such as the Microsoft Systems Update Services audit the enterprise, download patches from a central database, and manage their installation. They may also analyze dependencies and provide rollback features. Patches can be advertised, downloaded, and installed by clients according to security settings determined by a group security policy. Such solutions exist for Windows as well as UNIX/Linux systems; cross-platform patch management solutions are also available for heterogeneous enterprises. Enterprises without these tools can use login scripts or place patches on intranet sites for users to install themselves. Patching of mission-critical servers should be done manually during off-peak hours in case recovery is necessary.
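The identify, plan, test, and deploy steps above, sketched as an added example (not code from the article or from any ITX or Microsoft tool): it compares each host's installed patches with a per-platform baseline and orders the rollout with the test environment first, then least critical hosts first, marking mission-critical servers for manual off-peak patching. Host names, patch IDs, and the 1 to 5 criticality scale are constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed sample data: platforms and patch IDs are placeholders.
BASELINE = {  # the "ideal configuration": patches each platform should have
    "windows-server": {"PATCH-001", "PATCH-002", "PATCH-003"},
    "linux-server": {"PATCH-101", "PATCH-102"},
    "workstation": {"PATCH-001", "PATCH-201"},
}

@dataclass
class Host:
    name: str
    platform: str
    criticality: int            # assumed scale: 1 = least critical, 5 = mission-critical
    installed: set = field(default_factory=set)
    is_test: bool = False       # member of the test environment

INVENTORY = [  # constructed inventory, as gathered during baselining
    Host("db01", "windows-server", 5, {"PATCH-001"}),
    Host("web01", "linux-server", 3, {"PATCH-101"}),
    Host("file01", "windows-server", 2, {"PATCH-001", "PATCH-002"}),
    Host("lab-win", "windows-server", 1, set(), is_test=True),
    Host("pc-114", "workstation", 1, {"PATCH-001", "PATCH-201"}),
]

def missing_patches(host, baseline=BASELINE):
    """Compare a host's patch status with the baseline for its platform."""
    return sorted(baseline.get(host.platform, set()) - host.installed)

def rollout_plan(inventory, baseline=BASELINE, critical_at=5):
    """Order hosts: test environment first, then least critical first.
    Mission-critical hosts are marked for manual, off-peak patching."""
    plan = []
    ordered = sorted(inventory, key=lambda h: (not h.is_test, h.criticality, h.name))
    for h in ordered:
        gaps = missing_patches(h, baseline)
        if not gaps:
            continue            # already at baseline, nothing to deploy
        if h.is_test:
            mode = "test"
        elif h.criticality >= critical_at:
            mode = "manual-off-peak"
        else:
            mode = "automated"
        plan.append((h.name, mode, gaps))
    return plan

if __name__ == "__main__":
    for name, mode, gaps in rollout_plan(INVENTORY):
        print(f"{name:8} {mode:16} {', '.join(gaps)}")
```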

Jonathan Coupal is the Vice President and Chief Technology Officer of ITX Corp. Mr. Coupal manages both the day-to-day and strategic operations of the Technology Integration Practice Group. Among Mr. Coupal’s greatest strengths are evaluating customers’ unique problems, developing innovative, cost-effective solutions, and providing a “best practice” implementation methodology. Mr. Coupal’s extensive knowledge and experience enable him to fully analyze client systems to recommend the most effective technologies and solutions that will both optimize their business processes and fulfill immediate and future goals. Mr. Coupal and his team build a high level of trust with clients, establishing ITX as their IT partner of choice. Mr. Coupal holds certifications with Microsoft and CompTIA, including MCSE, MCSA, Security+, Linux+ and i-Net+, and served as a Subject Matter Expert (SME) for the development of the CompTIA Linux+.

About ITX Corp:

ITX Corp is a business consulting and technology solutions firm focused on nine practice areas including Business Performance, Internet Marketing, IT Staffing, IT Solution Strategies and Implementation, Technical Services, Internet Services, and Technology Research. To learn more about what ITX can do for you, visit our website at or contact us at (800) 600-7785.

