January 20, 2007

Being Safe Online with Patch Management

Over the past few days I've been hammered with a lot of information on security announcements from technology vendors. Could it be because of Vista's consumer release and there's buzz around it? Could it be because there is an increase in security breaches? I'm not really sure.

But whatever the reason is, being secure should be a constant concern for you.

Dean Turner, ISTR Executive Editor and Spokesperson for Symantec has written an overview of some security best practices to implement in your business. I've shortened the entire article and included the key points below.

Vulnerabilities are most often found in software, but they exist in all layers of information systems, from design or protocol specifications to physical hardware implementations. They may be triggered actively, either by malicious users or automated malicious code, or passively during system operation.

The discovery and disclosure of a single vulnerability in a critical asset can seriously undermine the security posture of a small business.

[Note: Vulnerabilities can be found in web applications (we are using them more and more) and computer applications.]

To mitigate the risk that vulnerabilities present for small businesses, patching must become a priority. When a vulnerability is announced, the vendor in whose product it was found must develop and release a set of code known as a patch that will secure the vulnerabilityóthat is, plug the hole. Until a patch is developed, released, and applied, computers on which the vulnerability resides may be susceptible to successful attack, particularly if exploit code developed for that vulnerability becomes available before its related patch is.

The good news is that operating system vendors are developing and releasing patches faster than ever before

Unfortunately, hackers have also begun releasing exploits at a record pace. In fact, many security holes are undiscovered only after cyber criminals have already begun using them, often for financial gain. By targeting as-yet undisclosed vulnerabilities in the most popular Web browsers and office productivity software suites, cyber criminals have successfully launched attacks through software holes that only they had discovered.

In such a challenging environment, it is recommended that small businesses employ a patch management system or service as well as a vulnerability alerting service that will help them quickly assess whether a new vulnerability is a viable threat to their particular environment.

Needless to say, having a backup and recovery strategy is also key to protecting the information assets of small businesses.

0 comments