Section 20.193 Patch Management Flashcards
Objectives 2.5 Explain the purpose of mitigation techniques used to secure the enterprise. Objectives 4.1 Given a scenario, you must be able to apply common security techniques to computing resources. Objectives 4.5 Given a scenario, you must be able to modify enterprise capabilities to enhance security.
Patch Management
Planning, testing, implementing, and auditing of software patches
Important for compliance and up time
Patch Management: Four Step Process
Planning
Creating policies, procedures, and systems to track and verify patch compatibility
● A good patch management tool confirms patch deployment, installation, and functional verification on servers or clients
Patch Management: Four Step Process
Testing
Do this to prevent the patch from causing additional problems
Patch Management: Four Step Process
Implementing
● Deploy to all devices that need it
● Can be done manually or automated
● Large organisations should use a central update server instead of Windows Update or other tool
● Mobile devices can be patched using an MDM
● Patch Rings: Implement patches one group (or ring) at a time
Patch Management: Four Step Process
Auditing
● Scan network to ensure the patch was installed correctly
● Determine if there are any unexpected problems as a result of the patch
○ Firmware versions should also be monitored and patched: Companies will have centralized resources to help keep firmware patched
