As I’m staring March straight in its smug little face, I’m reminded of those resolutions I made back on January 1 (it seems so long ago). I am not any fitter, my diet is not any healthier, and I’m generally the same person I was at the beginning of this year. While the personal resolutions I made may not have any net impact on my life or career, forgetting commitments to maintain a safer and more secure computing environment for end users can certainly be career limiting.
In the spirit of rekindling our commitments to our users, I thought it would be appropriate to review one of the foundations of desktop security: Vulnerability Management. That’s right, Vulnerability Management. Some of you may affectionately refer to this category as Patch Management or Software Updating. It’s not cutting edge, and it’s not the latest and sexiest security tool out there. However, being up to date on your patching execution goes a long way. I’m not simply talking about patching your Operating Systems every second Tuesday of each month (do it, though; it’s important). You have to make sure that the non-Microsoft applications are patched and safe as well.
The fact is, Microsoft gets attacked simply because a malicious code writer knows that Microsoft Windows owns the desktop computing space. Hackers are going to get the most bang for their exploited buck by attacking Microsoft. However, Microsoft is not the only game in town; Java and Adobe are not far behind in the number of exploits. When you patch, make sure you have a strategy that includes patching third-party applications too.
So many vulnerabilities, where to start? Start with the following patches:
- OS vulnerabilities that allow for elevation of privileges
- Outdated versions of Java
- All critical level patches for software in your environment
These three areas are historically targeted, and will continue to be exploited for the foreseeable future. But don’t stop there. As a person trying to secure your environment, you need to be aware of the applications you have in your environment, assess the risk of those applications, put policy around risky applications (get them out of your environment if you can), and make sure the known security threats around those applications are remediated.
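To make that ordering concrete, here is an added example (not part of the original post and not LANDESK code) that sorts a list of missing-patch findings into the three starting categories above. The `Finding` record, its field names and the sample data are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Finding:
    host: str
    product: str
    installed: str   # version found on the host
    fixed_in: str    # first version that contains the fix
    severity: str    # vendor rating: critical / important / moderate / low
    impact: str      # e.g. elevation_of_privilege, remote_code_execution
    is_os: bool      # True when the patch is for the operating system itself

def version_key(version):
    """'7.0.45' -> (7, 0, 45), so versions compare as numbers rather than as text."""
    return tuple(int(part) for part in version.split("."))

def tier(f):
    """1-3 are the three starting categories in the list above; 4 is everything else."""
    if f.is_os and f.impact == "elevation_of_privilege":
        return 1
    if f.product.lower().startswith("java"):
        return 2
    if f.severity == "critical":
        return 3
    return 4

def triage(findings):
    """Drop findings already remediated, then order the rest by tier, host, product."""
    open_items = [f for f in findings
                  if version_key(f.installed) < version_key(f.fixed_in)]
    return sorted(((tier(f), f) for f in open_items),
                  key=lambda pair: (pair[0], pair[1].host, pair[1].product))

# Constructed sample scan results; hosts, products and versions are made up.
SAMPLE = [
    Finding("ws-01", "PDF Reader", "11.0.1", "11.0.4", "critical", "remote_code_execution", False),
    Finding("ws-02", "Java Runtime", "7.0.9", "7.0.45", "important", "remote_code_execution", False),
    Finding("ws-03", "ExampleOS", "10.2", "10.3", "important", "elevation_of_privilege", True),
    Finding("ws-04", "Media Player", "2.1", "2.2", "moderate", "denial_of_service", False),
    Finding("ws-05", "Java Runtime", "7.0.45", "7.0.45", "critical", "remote_code_execution", False),
]

if __name__ == "__main__":
    for t, f in triage(SAMPLE):
        print(f"tier {t}: {f.host:6} {f.product:13} {f.installed} -> {f.fixed_in}")
```

Note the numeric version comparison: compared as plain text, "7.0.9" sorts after "7.0.45", which would wrongly mark the outdated Java install on ws-02 as current.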
This sounds pretty elementary, but a proper vulnerability management strategy will save your environment. There is not much sense in spending big dollars on advanced security measures if you’re not keeping up with your software updates.
Effective patching is a routine, and you can easily automate it with LANDESK. I wish I could do the same with my resolutions. Keep patching!
For those of you needing more help with patching or software updates, check out these guidelines to get started.