Managing the patchwork mess

No system is immune to viruses. Unfortunately, discovering these security weaknesses is usually left up to virus and worm writers and hackers. If you aren't the first one attacked, there are usually patches available to inoculate your system. Writer Mandy Andress discusses a procedure for keeping your patches installed and up-to-date on InformIT. Here is a bit about that procedure and a list of sites you can visit to find out about new patches.

Identifying vulnerabilities, finding the correct software patches, downloading the code, installing the security update in the right sequence (assuming that you've selected the correct fix for your application version) and validating effective installation is quite a process. Plus, keep in mind that all of this needs to be done before hackers send notice to your firm in their own special ways.

You need to create a system to manage security updates and patches for your software, including operating systems, business applications, Internet access and even security applications. Although creating a security update system is daunting, after you've got one, your company should be able to keep on top of the security maintenance challenge.

Surprisingly, just a few steps can help you update and protect your systems against common exploits. Because small businesses don't have the myriad software and network configurations that large corporations do, you should be able to keep track of security updates easily if you're systematic and take these precautions:

  1. Identify and list your software. For each, note the:
    • Type (such as operating, application, security)
    • Vendor
    • Version
    • Installation date
    • Name of the installer
  2. Every time you make a change on a software product, note the:
    • Name of the update, patch or fix installed
    • Functional description (what the code updates, adds or modifies)
    • Source of the code (where the code was obtained)
    • Date the code was downloaded
    • Date the code was installed
    • Name of the installer
  3. Retain your security update downloads in their own directory on a file server or other storage location.
  4. Create a "readme" file that documents each download's:
    • Name
    • Description
    • Date of storage

Don't delude yourself. Even if you have no resources for a dedicated security staff person, a security updating and patch documentation system is mandatory. If you outsource security or software updates, you should expect the vendor to send you its patch logs at your request. If the firm resists your request or you experience slow or no delivery, you might want to reconsider your choice of outsourcing companies.

Mandy also provides a nice list of sites to visit to find out about security patches.

The SANS Institute proposes the 10 most critical Internet security threats at http://www.sans.org/topten.htm. CERT also supplies a host of information to improve your security, as does ZDNet's Security IT Resource Center.

Here are some other helpful sites listed by system:

Microsoft: http://www.microsoft.com/technet/security/current.asp

Sun: http://sunsolve.sun.com/pub-cgi/secBulletin.pl

Linux: Red Hat: http://www.redhat.com/apps/support/updates.html Caldera: http://support.calderasystems.com/caldera?faq&15-10 Linux-Mandrake: http://www.linux-mandrake.com/en/security/ SuSE Linux: http://www.suse.com/us/support/security/index.html Debian: http://www.debian.org/security/

Cisco: http://www.cisco.com/warp/public/770/

Read about Mandy's advice on signing up for mailing lists over at InformIT. Registration is required, but it's free.

This was first published in October 2001

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.