Section 20.193 Patch Management Flashcards
Objectives 2.5 Explain the purpose of mitigation techniques used to secure the enterprise. Objectives 4.1 Given a scenario, you must be able to apply common security techniques to computing resources. Objectives 4.5 Given a scenario, you must be able to modify enterprise capabilities to enhance security. (5 cards)
Patch Management
Planning, testing, implementing, and auditing of software patches
Important for compliance and up time
Patch Management: Four Step Process
Planning
Creating policies, procedures, and systems to track and verify patch compatibility
● A good patch management tool confirms patch deployment, installation, and functional verification on servers or clients
Patch Management: Four Step Process
Testing
Do this to prevent the patch from causing additional problems
Patch Management: Four Step Process
Implementing
● Deploy to all devices that need it
● Can be done manually or automated
● Large organisations should use a central update server instead of Windows Update or other tool
● Mobile devices can be patched using an MDM
● Patch Rings: Implement patches one group (or ring) at a time
Patch Management: Four Step Process
Auditing
● Scan network to ensure the patch was installed correctly
● Determine if there are any unexpected problems as a result of the patch
○ Firmware versions should also be monitored and patched: Companies will have centralized resources to help keep firmware patched
