Archive for November 23rd, 2006

Posted on Nov 23rd, 2006

Patch management often presents conflicting demands on IT organizations charged with ensuring system security while optimizing system reliability and integrity. Because the time between discovering a system vulnerability and the emergence of an attack is declining, IT organizations are under pressure to apply patches before adequate testing, and without system downtime. A sound patch management strategy is a critical part of any secure enterprise.

Baseline the Environment:

Developing any patch management plan begins with a firm understanding of the current enterprise. Data must be gathered on the configuration of every server, workstation, and network component in the system. Such data is necessary when evaluating the risk and therefore the necessity of particular patches.

This baselining may be performed as part of a larger configuration management and risk assessment effort. Although data may be gathered manually, automated tools exist which will do the same work while also keeping the data current. Vulnerability scans can be used to discover services that should be removed or disabled.

Once data is gathered, machines should be brought to the same benchmark security risk level. For servers, an assessment must also be made of their criticality to the enterprise. Change control documents and procedures should be developed, particularly if server hardware and operating system maintenance is performed by one group while software application maintenance is performed by another.

Identify, Evaluate, and Plan:

Keeping current with system updates and patches can be overwhelming. Not only are there often many, but decisions about which are critical, which are merely useful, and which are unnecessary or even potentially harmful, must be made quickly.

Automated tools can make the identification and evaluation stage easier by monitoring the current patch status of the server or workstation (or scanning it on demand) and comparing the status with the ideal configuration for the system, producing recommendations for patch installation.

Perform Test Deployment:

Before deploying patches to the wider enterprise, deployment should be conducted in a test environment that mirrors the production environment. At a minimum the environment should represent all critical applications, and ideally, all enterprise platforms. If replication of the production hardware is not possible, at least patch compatibility with operating systems and applications should be tested. Test deployment should begin with the least critical servers first.
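The baseline comparison described under Identify, Evaluate, and Plan, with the resulting work list ordered least-critical-first as recommended above, can be sketched as follows. This is an added example, not code from the original article or from any patch management product; the host names, patch identifiers, severity labels and the 1-5 criticality scale are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed sample data: patch IDs, hosts and the 1-5 criticality scale are
# illustrative assumptions, not values from the article or any real product.
BASELINE = {  # platform -> {patch_id: severity}
    "windows-server": {"PATCH-001": "critical", "PATCH-002": "useful"},
    "linux": {"PATCH-101": "critical", "PATCH-102": "critical"},
}
SEVERITY_RANK = {"critical": 0, "useful": 1}

@dataclass(frozen=True)
class Host:
    name: str
    platform: str
    criticality: int          # 1 = least critical to the enterprise, 5 = most
    installed: frozenset

INVENTORY = [
    Host("db01", "linux", 5, frozenset({"PATCH-101"})),
    Host("print01", "windows-server", 1, frozenset()),
    Host("web01", "linux", 3, frozenset({"PATCH-101", "PATCH-102"})),
    Host("legacy01", "solaris", 2, frozenset()),
]

def missing_patches(host, baseline):
    """Return the host's missing patches, most severe first; None if no baseline."""
    required = baseline.get(host.platform)
    if required is None:
        return None  # platform was never baselined: flag it, don't assume compliant
    gaps = [p for p in required if p not in host.installed]
    return sorted(gaps, key=lambda p: (SEVERITY_RANK[required[p]], p))

def deployment_plan(inventory, baseline):
    """Build (plan, unbaselined): plan lists hosts needing patches, least critical first."""
    plan, unbaselined = [], []
    for host in sorted(inventory, key=lambda h: (h.criticality, h.name)):
        gaps = missing_patches(host, baseline)
        if gaps is None:
            unbaselined.append(host.name)
        elif gaps:
            plan.append((host.name, gaps))
    return plan, unbaselined

if __name__ == "__main__":
    plan, unbaselined = deployment_plan(INVENTORY, BASELINE)
    for name, gaps in plan:
        print(f"{name}: install {', '.join(gaps)}")
    print("no baseline for:", ", ".join(unbaselined))
```

Hosts whose platform has no baseline are reported separately rather than treated as compliant, since an unbaselined machine is exactly the gap the first step is meant to close.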

Deploy and Report:

New tools for patch distribution can greatly simplify deployment. Tools such as the Microsoft Systems Update Services audit the enterprise, download patches from a central database, and manage their installation. They may also analyze dependencies and provide rollback features. Patches can be advertised, downloaded, and installed by clients according to security settings determined by a group security policy. Such solutions exist for Windows as well as UNIX/LINUX systems; cross-platform patch management solutions are also available for heterogeneous enterprises. Enterprises without these tools can use login scripts or place patches on intranet sites for users to install themselves. Patching of mission-critical servers should be done manually during off-peak hours in case recovery is necessary.

Jonathan Coupal is the Vice President and Chief Technology Officer of ITX Corp. Mr. Coupal manages both the day-to-day and strategic operations of the Technology Integration Practice Group. Among Mr. Coupal’s greatest strengths are evaluating customers’ unique problems, developing innovative, cost-effective solutions and providing a “best practice” implementation methodology. Mr. Coupal’s extensive knowledge and experience enable him to fully analyze client systems to recommend the most effective technologies and solutions that will both optimize their business processes and fulfill immediate and future goals. Mr. Coupal and his team build a high level of trust with clients, establishing ITX as their IT partner of choice. Mr. Coupal holds certifications with Microsoft and CompTIA, including MCSE, MCSA, Security+, Linux+ and i-Net+, and served as a Subject Matter Expert (SME) for the development of the CompTIA Linux+.

About ITX Corp:

ITX Corp is a business consulting and technology solutions firm focused in nine practice areas including Business Performance, Internet Marketing, IT Staffing, IT Solution Strategies and Implementation, Technical Services, Internet Services, and Technology Research. To learn more about what ITX can do for you visit our website at http://www.itx.net or contact us at (800) 600-7785.

Posted on Nov 23rd, 2006

Have you ever noticed that when you look at your browser favorites menu or the address bar, some entries have their own little icon beside their URL?

It’s called a "Favicon" (a graphic file with a .ico extension) and it’s placed in the root directory of the web site. Every time you bookmark a site that has its own favicon.ico file, it is added to your browser, and it will be visible from then on in the favorites menu and in the address bar.

At the beginning, only large websites had a favicon, but now you too can create one and use it to brand your website. The first thing you have to do is to create your favicon. To be displayed by browsers, it must have a size of 16×16 pixels. To create one, you can use a graphics program called Icon Forge (you can download a free trial version from CNET):

http://download.com.com/3000-2195-10128559.html

You can either create an icon from scratch, or import a 16×16 ‘.gif’ or ‘.jpg’ file and save it as a ‘.ico’ file.

You will then have to save your icon with the default name of ‘favicon.ico’, and upload it to the root directory of your website (where your index page is). Finally, you must associate your icon with your web page. You do that by including the following HTML code immediately after the HEAD tag of your page:

<link REL="SHORTCUT ICON" HREF="http://www.yourwebsite.com/favicon.ico">

Once you’ve done that, that’s it. To try it out, go to your web page and add your page to your favorites. You should be able to see the favicon next to your bookmarked page title. Also, the next time you type your URL in the address bar, you will see your favicon to the left of the URL.

(Favicons work with Internet Explorer 5 or newer, and with recent versions of Netscape.)

——-

You can freely reprint this article. Just include the following resource box at the end:

About The Author

Mario Sanchez lives in Miami, Florida, where he publishes The Internet Digest ( http://www.theinternetdigest.net ) a website and newsletter that gives you free advice on web design and Internet marketing.