In today’s episode I talk about patching various types of systems and my recommendations for each.
Workstations
- BIOS/Firmware
- Update at deployment then as needed
- Drivers
- Update at deployment then as needed
- OS
- Update monthly
- Delay one month from release date unless critical
- Applications
- Enable auto-update if available
- Update monthly if reasonable, otherwise as needed
- Level of effort
- Cost
Servers
- BIOS/Firmware
- Update at deployment then as needed
- Drivers
- Update at deployment then as needed
- OS
- Update monthly
- Delay one month from release date unless critical
- Applications
- Deploy stable version and update annually or as needed
Networking
- Firmware
- Deploy stable version and update annually or as needed
Printers
- Firmware
- Deploy stable version and update annually or as needed
- Drivers
- Deploy stable version and update as needed
Mobile
- Smartphones
- Update major version as stable
- Enable auto-update for minor version if historically stable
- Apps should auto-update, delayed if necessary for testing
- Tablets
- Update major version as stable
- Enable auto-update for minor version if historically stable
- Apps should auto-update, delayed if necessary for testing
Misc
- IOT
- Try to deploy only if reputable manufacturer
- Enable auto-updates
- Intrusion Prevention
- Deploy stable version and update annually or as needed
- Access Control
- Deploy stable version and update annually or as needed
- Fire Alarm
- Deploy stable version and update annually or as needed
Final Thoughts
- Keeping systems updated is typically around 25% of your time as a SysAdmin
- Depending on the system much of this work will need to be completed after hours
- Choosing how often a system is updated is an important balance between required up time, stability and security
Podcast: Play in new window | Download | Embed
Subscribe: RSS