A person who heard the term ‘patch management’ a few years ago would probably have been forgiven if he/she thought that it was some kind of obscure unit in a needlework course! Today, however, patch management is used to refer to an activity that should be a central element of any network security strategy.
p { margin-bottom: 0.08in; }a:link { }
Up until fairly recently most software installations were ‘set and forget’ affairs. Users installed software and used it ‘as is’ with periodic upgrades delivered (usually in the form of a completely new program) on CD-Rom. The evolving nature of online threats and the phenomenal growth in always-on broadband connections mean that it is now both necessary and possible to upgrade-as-you-go, with updates delivered in downloadable format. A ‘patch’ refers to a downloadable post-installation software update. Developers release updates for a variety of reasons. Most common among these are:
So why do network administrators need a patch management system? Would it not be possible to simply have updates auto-delivered as is the case with many programs in the personal computing market? This is, for example, the default way in which Microsoft’s operating system ‘service packs’ (these are essentially ‘mega patches’) are delivered. There are many reasons why auto delivery is not advisable in a complex network environment. The following are the most important:
-
Control: Most network administrators are understandably nervous about allowing complex background processes that are not under their control running on their systems. This is essentially what happens when an automated update is applied. Negative fallouts from such processes can range from annoying (slowing network speeds) to menacing (exposing sensitive data to outside parties).
-
Security: Many automatic updates are written in a one-size-fits-all manner and do not take specific security arrangements into account. Applying such updates without carefully positioning them within the local security environment can lead to the malfunctioning of programs or even the creation of security vulnerabilities.
-
Integration: Software installed in a complex network environment will have to seamlessly interface with a host of other programs. Most network administrators would therefore prefer to thoroughly test how well an update integrates with the wider system before installing it.
-
Stability: It is, sadly, often the case that deadlines cause software developers to release updates that are not quite ready. This can obviously cause major hassle and instability in a network environment. Careful testing is therefore of the essence, something that can only be done if you have some level of control over how updates are delivered and installed.
-
Knowledge: Having an overall view of the state of a network is vital. Achieving this kind of birds-eye-view is much easier if you have complete control over when and how items are installed.
The factors mentioned above should make it clear that a responsible and integrated system of patch management must be regarded as an essential element of network administration. The problem is, however, that most administrators are daunted by the amount and complexity of patches that are required to keep a system ‘fighting fit’. Manual patch management is therefore an activity that is dreaded by many IT professionals and that is therefore postponed to the last possible moment. Obviously not a healthy, or secure, position to be in! This is why we highly recommend the use of patch management software. These programs will allow you to manage all of your patch management activities from a single, up-to-date and integrated interface. The benefits should be obvious. Not only will you save vast amounts of time, you will also be able to rest secure in the knowledge that you are keeping your system as secure as possible.
Why is all of this important? Simple – because a reliable network allows the enterprise to function smoothly and productively. Patch management can therefore be a key component in providing a secure and stable platform for the core business of your company.
About The Author
This guest post was provided by Arthur Turner on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. More information: GFI network auditing software
All product and company names herein may be trademarks of their respective owners.