Patch Management is part of change management which includes process of managing the Systems by testing and installing multiple patches and updates. It is a never ending process and must be ongoing. Organizations and Professional users should adopt a strong Patch Management process to keep the systems updated and running with latest patches. This Post Explains basic about Patch Management and how everybody should apply the same in their environment.
Why you should be a part of Patch Management?
Testing: Testing the patches will help you to understand more about the products installed on systems
Techniques: Applying different patches helps to understand different kind of methods required to install particular patch for an application.
New Features: Patches and Updates comes with new features and possibilities which included new platform support, New Interface, New features etc. People associated with Patch Management can improve their understanding and service.
Compliance: Regular practice and compliance of patch management will keep you updated about the patches released in past, current Patch releases and the patches that are supposed to be released in near future.
Patch Management Process
Detection Process:This process includes the detection of latest Patch releases for your system. The detection mechanism should be automated because visiting each vendor websites for latest patch releases isn’t a feasible solution.
Risk Assessment process:
- Check if important patches are applied to the system.
- If patches are not installed, find the severity of the vulnerability/issue addressed by the patch. Here, the motive is to understand the risk of patching and not patching.
- Do the analysis to find out if found issues/vulnerabilities are threat to your environment. For example, let’s assume that ‘ubuntu’ has released an update for Ruby and the found vulnerability can be exploited to bypass certain security restrictions. Here, you can find out if ruby in installed on the system having ubuntu OS. If not, you don’t need to apply this update.
Testing Process:Install the downloaded patch in test environment in offline mode and verify that it is not causing other issues to the system and the newly installed patch is working affectively. Also, Create a backup of test machine before deploying the patches.
Deployment Process:Before doing deployment, create a backup and roll back option is already planned of something goes wrong. After ensuring, deploy the tested patches to the production environment.
Maintenance Process:keep a record of applied patches to the system and if any new vulnerability/issue is found, Start Patch management process again.
Patch Management techniques you should adopt to make your task easier
- Consolidate the Assets data on regular basis which includes Switch, Router, Printer, Laptop, Desktop, Server etc. You should also update the list of IP Addresses assigned, MAC Address, OS and version of installed applications.
- While installing the patches, read the documentation & changelog carefully. Never chose default options while installing a patch without proper justification.
- For startups and home environments, if Test environment is not available, patches should be deployed to the least critical, easily recoverable servers and then to next easily recoverable servers.
- For Softwares, Using VMware to establish a test lab is cost effective and efficient.
- Patching of critical servers should be done manually during off hours in case disaster recovery plans need to be implemented. If the patch is not an emergency fix, it can be applied during a regularly scheduled maintenance window.