Patch Management (39.3.4)
Cybercriminals work relentlessly to exploit weaknesses in computer systems. To stay one step ahead, keep systems secure and up to date by regularly installing patches.
What Are Patches?
Patches are code updates that prevent a new virus, worm, or other malware from making a successful attack. Patches and upgrades are often combined into a service pack. Many malware attacks could have been avoided if users had installed the latest service pack.
Operating systems such as Windows routinely check for updates that can protect a computer from the latest security threats. These include security updates, critical updates, and service packs. Windows can be configured to automatically download and install high-priority updates or to notify the user as these become available.
What Do You Need to Do?
As a cybersecurity professional, it’s good practice to test a patch before deploying it throughout the organization. A patch management tool can be used to manage patches locally instead of using the vendor’s online update service.
An automated patch service gives administrators more control than searching for patches manually when they are needed. Let’s look at the benefits:
- Administrators can approve or decline updates.
- Administrators can force the update of systems on a specific date.
- Administrators can obtain reports on the update(s) needed by each system.
- There is no need for each computer to connect to the vendor’s service to download patches; instead, it gets the verified update from a local server.
- Users cannot disable or circumvent updates.
In addition to securing the operating system, it’s important to update third-party applications such as Adobe Acrobat, Java, and Google Chrome to address vulnerabilities that could be exploited. A proactive approach to patch management provides network security while helping to prevent ransomware and other threats.
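The report a patch management tool produces from the approve/decline decisions and forced-install dates listed above can be sketched as follows. This is an added example, not code from the course or from any vendor's tool; the update IDs, host names, dates and the `compliance_report` function are constructed for illustration.

```python
from datetime import date

# Constructed sample data (hypothetical update IDs, hosts and dates).
# Each update carries the administrator's decision and a forced-install deadline.
UPDATES = {
    "OS-2024-001":     {"product": "Windows",       "status": "approved", "deadline": date(2024, 5, 1)},
    "OS-2024-002":     {"product": "Windows",       "status": "declined", "deadline": None},
    "CHROME-2024-010": {"product": "Google Chrome", "status": "approved", "deadline": date(2024, 6, 15)},
    "JAVA-2024-003":   {"product": "Java",          "status": "approved", "deadline": date(2024, 5, 20)},
}

# Which products each host runs and which updates it has already installed.
HOSTS = {
    "ws-01":  {"products": {"Windows", "Google Chrome"}, "installed": {"OS-2024-001"}},
    "ws-02":  {"products": {"Windows", "Java"},          "installed": set()},
    "srv-01": {"products": {"Windows"},                  "installed": {"OS-2024-001", "OS-2024-002"}},
}

def compliance_report(hosts, updates, today):
    """Return {host: {"missing": [...], "overdue": [...]}} for approved updates only."""
    report = {}
    for name, host in sorted(hosts.items()):
        missing, overdue = [], []
        for uid, upd in sorted(updates.items()):
            if upd["status"] != "approved":
                continue  # declined updates are never required
            if upd["product"] not in host["products"]:
                continue  # update does not apply to this host
            if uid in host["installed"]:
                continue  # already patched
            missing.append(uid)
            # Past the forced-install date: flag for immediate action.
            if upd["deadline"] is not None and today > upd["deadline"]:
                overdue.append(uid)
        report[name] = {"missing": missing, "overdue": overdue}
    return report

if __name__ == "__main__":
    for host, r in compliance_report(HOSTS, UPDATES, date(2024, 6, 1)).items():
        state = "COMPLIANT" if not r["missing"] else "NEEDS UPDATES"
        print(f"{host}: {state} missing={r['missing']} overdue={r['overdue']}")
```

The third-party entries (Google Chrome, Java) are tracked in the same report as the operating system updates, so a host is compliant only when both are current.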
A host-based security solution is a software application that runs on a local device (or endpoint) to protect it. The software works with the operating system to help prevent attacks.
Host-based solutions include the following.
A host-based firewall runs on a device to restrict incoming and outgoing network activity for that device. It can allow or deny traffic between the device and the network. The software firewall inspects and filters data packets to protect the device from becoming infected. Windows Firewall, installed by default during Windows installation, is an example of a software firewall.
You can control the type of data sent to and from the device by opening or blocking ports. Firewalls block incoming and outgoing network connections unless exceptions are defined to permit or deny traffic to or from those ports. You can select “inbound rules” to configure the types of traffic that are allowed to pass through to the system—this will protect the system from unwanted traffic.