Network management Toolkit

Is your patch programme up to scratch?

Deb Shinder Tech Republic

Published: 27 May 2005 11:10 BST

Windows patch management is a little like taking out the trash or cleaning the toilets: It's not fun, but it has to be done. Most of the network administrators I know seem to approach it in one of three ways:

Avoidance: they put it off as long as possible and then rush through it as quickly as they can.
Automation: they turn on Windows Update's automatic update feature on all the machines, "set it and forget it" (which is really just another form of avoidance) and pray that they won't encounter any incompatibilities.
Overkill: they set up an elaborate patch management programme that involves personally trying out every patch in a test bed environment on an exact replica of every one of their production servers and then using expensive and complex deployment servers to apply the patches, after running complete and comprehensive vulnerability scans on each system to document exactly which patches are missing — in essence, making patch management a full-time job.

Whether your network is a small business workgroup or a multi-domain enterprise, keeping the systems on your network properly updated is absolutely essential. New operating system and application vulnerabilities are being discovered every day, and as soon as a vulnerability is made public, someone, somewhere will find a way to exploit it. Avoidance isn't the answer

Avoidance isn't the answer, but it's most common among administrators of small networks — the ones that are least likely to have adequate fault tolerance measures and other security solutions in place and thus stand to lose the most — at least, as a percentage of their revenues — if their systems are hit.

To be effective, your patch management plan must be timely and continuous. Unfortunately, as with any type of preventative maintenance, it's easy to put it off because you're always busy taking care of more immediate problems. That means some type of automation is almost inevitable.

1 2 3

Did you find this article useful?
152 out of 321 people found this useful

More In Network management

Company/Topic Alerts

Create a new alert from the list below:

Related Jobs

Messaging Support Analyst (AD,TREND protection,Exchange) BANKING

Other main functions of the role are troubleshooting & resolving cross platform message flow related issues, problem resolution & estate & patch ...

Messaging Support Analyst (AD,TREND protection,Exchange) BANKING

Other main functions of the role are troubleshooting & resolving cross platform message flow related issues, problem resolution & estate & patch ...

Terminal Services Specialist at Top Financial Comapny!(Wins/HP/AD)

You MUST have experience support Terminal Services utilising Thin Clients and be working as part of a Windows server team, supporting, providing ...

Featured Talkback

Could it be that ISP’s are making this out to be a bigger problem than it actually is? We’re a small country with an internet penetration of less than 60%, for every Youtuber there’s someone who only uses the internet to check their emails, more people surf on their mobile handsets than a few years ago. Surely things should even themselves up.