Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Guide available on managing security updates

Network Box : 20 November, 2009  (Technical Article)
The latest in Network Box's free guides on "Forgotten Security" focuses on security updates and the need for good management of patching
Network performance may be compromised if security updates are wrongly implemented, according to a new guide from managed security firm, Network Box. In the fourth in its 'Forgotten Security' series, the firm gives businesses advice on how to ensure that they are patching and updating their systems correctly.

The guide - Forgotten Security: Keeping up to date - advises IT teams to revisit their updating procedures to ensure that they cover not just their software, but also equipment such as routers.

Simon Heron, Internet Security Analyst for Network Box, says: "This year, we've seen a number of hospitals fall victim to Conficker many months after patches were made. If the proper updates had been done, their systems would have been immune to the infection. Vulnerabilities in routers that haven't been updated properly could lead to denial of service attacks, for example."

The guide also advises companies to assess the risk of installing an update that is not relevant (for example, should a patch for the wireless capability of a router be installed when the company doesn't use the wireless element). Installing the wrong patch could crash a system and make it inoperable.

A checklist for IT teams to use as part of the update process includes details on:

* Checking whether patches are provided by the system vendor
* Choosing the right patch that is compatible with the company's system
* How and when to test the patch, with the option to roll back if a mistake has been made
* Being able to replace the system if something goes wrong in the update process

Heron says: "Patching and updating security is vital. But if it is done carelessly, it can cause severe problems. So many security flaws are caused by 'forgotten security' processes, hence our series of guides."

The guide concludes with a buyers' checklist: questions that should be asked of any vendor at the point of buying a system, service or device. These are:

* How easy is the system to update?
* What do the vendors do to make you aware of any issues?
* Where can solutions be downloaded and installed?
* How can you test the patch?
* Can you roll back to how the system was before installation?

A free copy of Network Box's 'Forgotten Security: managing updates' guide can be downloaded from the Network Box web site.

Previous guides in the 'Forgotten Security' series include:
* Managing applications
* Routing - the hole in the wall
* Change control
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo