Network performance may be compromised if security updates are wrongly implemented, according to a new guide from managed security firm, Network Box. In the fourth in its ‘Forgotten Security’ series, the firm gives businesses advice on how to ensure that they are patching and updating their systems correctly.
The guide – Forgotten Security: Keeping up to date – advises IT teams to revisit their updating procedures to ensure that they cover not just their software, but also equipment such as routers.
Simon Heron, Internet Security Analyst for Network Box, says: “This year, we’ve seen a number of hospitals fall victim to Conficker many months after patches were made. If the proper updates had been done, their systems would have been immune to the infection. Vulnerabilities in routers that haven’t been updated properly could lead to denial of service attacks, for example.”
The guide also advises companies to assess the risk of installing an update that is not relevant (for example, should a patch for the wireless capability of a router be installed when the company doesn’t use the wireless element). Installing the wrong patch could crash a system and make it inoperable.
A checklist for IT teams to use as part of the update process includes details on:
• Checking whether patches are provided by the system vendor
• Choosing the right patch that is compatible with the company’s system
• How and when to test the patch, with the option to roll back if a mistake has been made
• Being able to replace the system if something goes wrong in the update process
Heron says: “Patching and updating security is vital. But if it is done carelessly, it can cause severe problems. So many security flaws are caused by ‘forgotten security’ processes, hence our series of guides.”
The guide concludes with a buyers’ checklist: questions that should be asked of any vendor at the point of buying a system, service or device. These are:
• How easy is the system to update?
• What do the vendors do to make you aware of any issues?
• Where can solutions be downloaded and installed?
• How can you test the patch?
• Can you roll back to how the system was before installation?
A free copy of Network Box’s ‘Forgotten Security: managing updates’ guide can be downloaded here.
For more information on security issues, visit Network Box, see Simon Heron’s blog; or follow him on Twitter.
