Posted by arlene

Updates

Updates for OSes and NOSes are provided by the manufacturer of the specific component. Updates contain improvements to the OS, and new or improved components that the manufacturer believes will make the product more stable, usable, secure, or otherwise attractive to end users. For example, Microsoft updates are often specifically labeled Security Updates. If you have never taken a look at these, they can be viewed at http://www.microsoft.com/athome/security/update/ bulletins/200701.mspx. These updates address security concerns recognized by Microsoft, and should be evaluated and installed as needed. In addition, updates may enhance the capability of a function within the system that was underdeveloped at the time the system or application was released. While you may be tempted to rush out and install these updates on all your vulnerable systems, you may want to test their effect first. Updates should be thoroughly tested in non-production environments before implementation. It is possible that a “new and improved” function (especially one that enhances user convenience) may actually allow more potential for a security breach than the original component. Complete testing is a must.

Hotfixes

Hotfixes are repair components designed to repair problems occurring on relatively small numbers of workstations or servers. Hotfixes are generally created by the vendor when a number of clients indiate that there is a compatibility or functional problem with a manufacturer’s products used on paricular hardware platforms. These are mainly fixes for known or reported problems that may be mited in scope. As with the implementation of updates, these should be thoroughly tested in a non-production environment for compatibility and functionality before being used in a production envionment. Because these are generally limited in function, it is not a good practice to install them on very machine. Rather, they should only be installed as needed to correct a specific problem.

Service Packs

Service packs are accumulated sets of updates or hotfixes. Service packs are usually tested over a wide range of hardware and applications in an attempt to assure compatibility with existing patches and updates, and to initiate much broader coverage than just hotfixes. The recommendations discussed previously also apply to service pack installation. Service packs must be fully tested and verified before being installed on live systems. Although most vendors of OS software attempt to test all of the components of a service pack before distribution, it is impossible for them to test every possible system configuration that may be encountered in the field, so it is up to the administrator to test their own. The purpose is to slow or deter compromise, provide security for resources, and assure availability.

Patches

Patches for OSes and NOSes are available from the vendor supplying the product. These are available by way of the vendor’s Web site or from mirror sites around the world. They are often security- related, and may be grouped together into a cumulative patch to repair many problems at once. Since patches are issued at unpredictable intervals, it is important to stay on top of their availability and install them after they have been tested and evaluated in a non-production environment. The exception to this is when preparing a new, clean install. In this case, it is wise to download and install all known patches prior to introducing the machines to the network.

Possibly related posts: (automatically generated)
Processes of OS and NOS Hardening continue…

• Network Access Control Databases
• Data Repositories
• Network Hardening OSes and NOSes
• RPC, PEER TO PEER, AND CONVERSATIONAL
• Processes of OS and NOS Hardening
• Client/Server must Know
• Reservations and Exclusions
• Count on Mobile Software
• The Skype API Operates on Windows and Mae OS X
• Popular Commercial IDS Systems