• Choose a category
• All
• Classic-Fiction

Make sure you periodically review the manufacturers’ support websites and other support resources that are available to apply current updates and security patches to your systems. Doing this on a regular basis will lower your exposure to security risks.

Updating Your Operating System

Operating system manufacturers typically provide product updates. For example, Microsoft provides a series of regular updates for Windows (a proprietary system) and other applications. However, in the case of public source systems (such as Linux), the updates may come from a newsgroup, the manufacturer of the version you’re using, or a user community.

In both cases, public and private, updates help keep operating systems up to the most current revision level. Researching updates is important; when possible, so is getting feedback from other users before you install an update. In a number of cases, a service pack or update has rendered a system unusable. Make sure your system is backed up before you install updates.

Be sure to test updates on test systems before you implement them on production systems.

Three different types of updates are discussed here: hotfixes, service packs, and patches.

Hotfixes

Hotfixes are used to make repairs to a system during normal operation, even though they might require a reboot. A hotfix may entail moving data from a bad spot on the disk and remapping the data to a new sector. Doing so prevents data loss and loss of service. This type of repair may also involve reallocating a block of memory if, for example, a memory problem occurred. This allows the system to continue normal operations until a permanent repair can be made. Microsoft refers to a bug fix as a hotfix. It involves the replacement of files with an updated version.

Service Packs and Support Packs

A service pack or support pack (depending upon the vendor) is a comprehensive set of fixes consolidated into a single product. A service pack may be used to address a large number of bugs or to introduce new capabilities in an OS. When installed, a service pack usually contains a number of file replacements.

Make sure you check related websites to verify that the service pack works properly. Sometimes a manufacturer will release a service pack before it has been thoroughly tested. An untested service pack can cause extreme instability in an operating system or, even worse, render it inoperable.

One large OS manufacturer released a service pack for a popular server product three times before it was right. When installed, this service pack caused many systems to become inoperable. The service pack took down the entire server farm of a large ISP. Many users lost their servers for several days while everything was sorted out and repaired.

Patches

A patch is a temporary or quick fix to a program. Patches may be used to temporarily bypass a set of instructions that have malfunctioned. Several OS manufacturers issue patches that can either be manually applied or applied using a disk file to fix a program.

When you’re working with customer support on a technical problem with an OS or applications product, customer service may have you go into the code and make alterations to the binary files that run on your system. Double-check each change to prevent catastrophic failures due to improperly entered code.

Patches fix problems, but they also add the potential for new problems. Most manufacturers would rather release a new program than patch an existing program. A new release can repair multiple problems.

When more data is known about the problem, a service pack or hotfix may be issued to fix the problem on a larger scale. Patching is becoming less common, but it’s still very much a way of life for many vendors and administrators.

Hardening Network Devices

The discussions up to this point have dealt with how to establish security baselines and update operating systems. We’ve also briefly discussed filesystems. The next sections deal with keeping your network devices up-to-date. The routers,