3.5.1.2 Updates

As if we haven't mentioned this enough already, you need to watch for them and install them. Vendors produce updates for all sorts of reasons, not just for fixing security issues. Because of the propensity for vendor-supplied patches to break things, many organizations have developed a policy of a "wait and see" approach, letting a patch (program fix) age for a bit out in the community to shake out any bugs that didn't show up during its beta testing, or of performing tests using production applications on a test server prior to rolling the patch out to production users. A wise person would perform update tests on a test platform before installing on a live network, to be sure the update does not break any line-of-business applications or processes.

You can usually find updates of all sorts for a product (OS or application) in that product's area of your vendor's web site. Additionally, vendors typically make security patches available in a special area of their web site, for easy access. For example, both Sun and Microsoft offer security bulletin and patch collections. Microsoft's may be found at http://www.microsoft.com/security, and Sun Microsystems' may be reached in the Security section of http://sunsolve.sun.com.

It is partially due to vendors' awareness of end users' hesitance to test and install an endless parade of patches (to do things like add support for new devices, tweak an obscure system function rarely used by end users, optimize RAS communications, etc.) that vendors often issue security updates which include only vital security patches. These patches are often called "critical updates" or "hotfixes". They're sometimes rushed out the door somewhat, to get a fix for a critical issue onto vulnerable systems as quickly as possible. This means that quality might not be up to the standards of a service pack, and it comes down to the administrator's judgment call on whether it's worth the risk to install it. On the positive side, since a hotfix is targeted to a specific issue, the amount of testing needed at an end user site is typically smaller than what is required to test a service pack.

Other, generally better-tested, updates might be termed "service packs" or "update packs". These are sets of patches that have generally gone through both internal vendor testing and a field test process, to help ensure that they will not negatively affect systems. Even then, undesirable side effects are not unheard of when the service pack makes its way onto a system with a configuration it had not been tested on before release.
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com. Version 1.0 - Version Date: November 15, 2004. Adapted with permission from a work created by Tcat Houser et al. CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site.