October 31, 2014

In Brief: GFI LanGuard 2012 SR1 released

(LiveHacking.Com) – GFI has released the latest version of its LanGuard product suite. By acting as a virtual security consultant, it combines three key activities into one software solution: patch management, vulnerability assessment and network auditing. This means that LanGuard has the potential to reduce costs as well as help secure your network. It can also be of use in asset inventory, change management, risk analysis and proving compliance.

New in 2012 SR1 is the addition of patch management capabilities for Mac OS X systems as well as traditional Windows systems. The new version also has better compliance reporting and can create reports for a variety of standards, including the Health Insurance Portability and Accountability Act (HIPAA) and the Payment Card Industry Digital Security Standard (PCI-DSS).

You can download a 30-day free trial from here.

5 Ways to Create the Right Patch Management Policy

While patch management is, conceptually, a straightforward task, its correct implementation is not always that simple. One might be tempted to simply deploy patches on an as-needed basis without giving it much thought; however, for patch management to be fully effective, the right patch management policy is required. Without it, patch management could become the threat you’re actually trying to prevent.

So what makes the right patch management policy?

1. Inventory

Without knowing which software or systems need patching, no proper patch management process can exist. While this might seem obvious, it’s a step often overlooked in a company’s patch management policy. An inventory is also required when testing environments are created – an essential item in any patch management policy. Inventories can be done manually; however, it’s wise to either have scripts that automate the process to a degree, or use a network scanner to do the job.

2. Monitoring

Every patch management policy needs a process that can identify which patches are missing or outdated, and this can be achieved by either monitoring vendor sites or using patch management detection software.

3. Testing

Once an administrator determines and downloads the patches needed on the network, it is essential that they are tested before they are deployed to make sure that they work well across all systems. Test environments that perfectly mimic the actual environments that the patches will be deployed on are needed. A blueprint for such environments ought to be prepared during the inventory step. As time goes by, it’s important to keep the test environments in line with the actual environments. This can be done by comparing inventories or through the use of software which can notify the administrator when environments change.

4. Deployment and Verification

This is another pitfall. For many, the patch management process includes only deployment and no verification; however, the right patch management policy requires both. If the deployment fails for any reason, especially if the whole process of deployment is unattended, the failure can easily go unnoticed, giving the administrator a false sense of security. To avoid this, ensure that there is a way to determine the patch level of each machine and confirm that all the patches deployed were successful.

5. Disaster Recovery

No matter how many precautions are taken and how many tests are run, there is no guarantee that a patch deployment will not cause issues. Computer software is complex and it is impossible to test all possible combinations, especially when you factor hardware and chipsets in. Therefore, it is essential that a patch management policy includes a section on disaster recovery, so, should things go wrong, an administrator will be able to quickly recover the network to a working state.

Without the right patch management policy in place, patch management can indirectly be a security risk since the patch deployment itself can cause issues and possibly downtime. Once designed, the patch management policy will require a little extra effort; however, this is a much more favourable option than the effort spent trying to fix a broken environment, not to mention the loss of productivity.
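The inventory comparison from step 3 and the verification from step 4, sketched as an added example; it is not part of the original post and is not GFI LanGuard functionality. Host names, versions and patch IDs are constructed placeholders.

```python
"""Added example (constructed data): inventory drift and post-deployment verification."""

# Constructed inventories: product -> version (hypothetical hosts and versions).
PROD_DB = {"os": "10.0.2", "dbserver": "11.2", "agent": "3.1"}
TEST_DB = {"os": "10.0.2", "dbserver": "11.1", "backup-tool": "2.0"}

# Constructed deployment data; patch IDs are placeholders.
APPROVED = {"PATCH-001", "PATCH-002"}
FLEET = ["db01", "web01", "mac07"]
REPORTS = {                      # patch IDs each host reported after the rollout
    "db01": {"PATCH-001", "PATCH-002"},
    "web01": {"PATCH-001"},      # one patch failed to install
}                                # mac07 never reported back


def environment_drift(prod, test):
    """Step 3: products whose version differs between production and its test mirror."""
    drift = {}
    for product in sorted(prod.keys() | test.keys()):
        if prod.get(product) != test.get(product):
            drift[product] = (prod.get(product), test.get(product))
    return drift


def verify_deployment(approved, reports, fleet):
    """Step 4: a host is 'ok' only if it reported every approved patch.
    A host with no report is unverified, never assumed patched."""
    results = {}
    for host in fleet:
        if host not in reports:
            results[host] = ("no-report", sorted(approved))
            continue
        missing = sorted(approved - reports[host])
        results[host] = ("failed" if missing else "ok", missing)
    return results


def needs_attention(results):
    """Hosts an administrator must follow up on before the rollout is closed."""
    return sorted(h for h, (status, _) in results.items() if status != "ok")


if __name__ == "__main__":
    print("test environment drift:", environment_drift(PROD_DB, TEST_DB))
    outcome = verify_deployment(APPROVED, REPORTS, FLEET)
    for host, (status, missing) in outcome.items():
        print(f"{host}: {status} missing={missing}")
    print("follow up:", needs_attention(outcome))
```

Treating a silent host as unverified is what keeps an unattended rollout from producing the false sense of security described in step 4.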

Editor Note: This guest post was provided by Casper Manes on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Learn more about creating the right patch management policy.

Disclaimer: All product and company names herein may be trademarks of their respective owners.

Why Do We Need Patch Management?

(LiveHacking.Com) – Patch management is a key function for anyone who works in IT and is responsible for the network. There are various reasons why patch management is so important; if neglected, it can lead to service disruptions or give cyber criminals access to the network, where they can steal data or cause serious damage.

Computers work by running software that performs different operations. Operating systems, for example, are a list of instructions which the computer runs one after the other in order to do a task that the vendor intended.

From time to time, vendors will see the need to update their products to improve performance or to address some security issue, and patch management is the process that makes changes to a program as per the vendor’s specifications.

Why Would a Vendor want to update their software?

GFI LanGuard shows missing updates

The primary reason is that the software contains errors. Errors in coding, or more specifically in the logic flow of a program, can let a malicious attacker exploit the logic to make the program perform in a way that the vendor never intended. This could cause a service disruption or, even worse, allow an attacker to manipulate the program so that it runs the code the attacker wants, giving him or her control over the system.

Programs are quite complex and are built from millions of lines of such instructions. It is fair to say that every piece of software contains errors which cause some type of side effect. In many cases, these errors go unnoticed; however, if an error causes a major problem, the vendor is in a race against time to correct it. The longer it takes to correct the errors, the greater the window of opportunity for malicious people to exploit the error and target those who are using the software.

What are the risks if a system is unpatched?

Systems that are not regularly patched can experience a number of issues, including:

  • Intrusions – Malicious attackers can gain access to your system and:
    • Turn it into a botnet – your computer is taken over and used to launch attacks on other computers or used to send spam
    • Steal Information and/or install mechanisms to spy on all that happens on that computer and other PCs on your network in the future
    • Create/Install a Backdoor or Rootkit – The attacker might install software allowing him easy access to the computer even if the issue is subsequently patched
    • Hacktivism – The attacker might gain access to your web server in order to change it to display political/activism messages
    • Beachhead – the attacker might use this machine to run further attacks on your network to gain access to more critical/valuable systems
  • Denial of Service – The attacker might use the coding error to crash your system
  • Stability – Coding errors are a problem not only when someone tries to exploit them; bad code can also cause a system to fail on its own if not fixed.
  • Performance – Sometimes a vendor may issue a patch to boost the program’s performance and provide additional value to the customer.

Vendors do not issue patches unless it is essential for their customers. Creating a patch involves a lot of work for a vendor in terms of development and testing. A robust patch management policy and system can help administrators promptly install patches when a vendor issues them and thereby ensure that systems are up-to-date and error-free.

Editor Note: This guest post was provided by Emmanuel Carabott on behalf of GFI Software Ltd. GFI is a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs. Read more on patch management.


Is Your Patch Management Policy Effective?

Although there are many different ways hackers can try to gain access to your network and information resources (including social engineering and use of lost or stolen passwords), the exploitation of unpatched software is one of the most common vectors used and is often one of the most effective for the hacker.

To manage the software on your network and to ensure that it is up to date, an effective patch management policy is needed. Here are some points to remember when creating or reviewing your patch management policy.

  • A patch management policy needs to find the right balance between reducing your organization’s vulnerability to outside attack and ensuring that applying the patches doesn’t interrupt normal business.
  • Define a workable policy for patch testing. Patches to end user software like Adobe Flash Player or Adobe Acrobat can be installed with minimal testing. However, patches to your database server need rigorous testing before being applied.
  • How competent is the patch provider? Should automatic updates be accepted without question? Maybe updates from Adobe (for Flash and Acrobat Reader), Google (for Chrome), Mozilla (for Firefox) etc. should be trusted. However, software companies aren’t immune to releasing bad patches. Read how Microsoft released a patch which broke VMware’s View Client.
  • Understand the priority of patches. Vulnerabilities which are being actively exploited should be considered higher priority than those which are theoretical. If patches are released in response to an actual incident, consider applying the patches as soon as possible.