Mis-managed security updates can cause network problems, says new guide from Network Box

Published 20th November 2009

Network performance may be compromised if security updates are wrongly implemented, according to a new guide from managed security firm Network Box. In the fourth guide in its ‘Forgotten Security’ series, the firm gives businesses advice on how to ensure that they are patching and updating their systems correctly.

The guide - Forgotten Security: Keeping up to date - advises IT teams to revisit their updating procedures to ensure that they cover not just their software, but also equipment such as routers.

Simon Heron, Internet Security Analyst for Network Box, says: “This year, we’ve seen a number of hospitals fall victim to Conficker many months after patches were made. If the proper updates had been done, their systems would have been immune to the infection. Vulnerabilities in routers that haven’t been updated properly could lead to denial of service attacks, for example.”

The guide also advises companies to assess the risk of installing an update that is not relevant (for example, whether a patch for the wireless capability of a router should be installed when the company doesn’t use the wireless element). Installing the wrong patch could crash a system and make it inoperable.

A checklist for IT teams to use as part of the update process includes details on:

• Checking whether patches are provided by the system vendor
• Choosing the right patch that is compatible with the company’s system
• How and when to test the patch, with the option to roll back if a mistake has been made
• Being able to replace the system if something goes wrong in the update process

(The full checklist can be seen here.)

Heron says: “Patching and updating security is vital. But if it is done carelessly, it can cause severe problems. So many security flaws are caused by ‘forgotten security’ processes, hence our series of guides.”

The guide concludes with a buyers’ checklist: questions that should be asked of any vendor at the point of buying a system, service or device. These are:

• How easy is the system to update?
• What do the vendors do to make you aware of any issues?
• Where can solutions be downloaded and installed?
• How can you test the patch?
• Can you roll back to how the system was before installation?

A free copy of Network Box’s ‘Forgotten Security: managing updates’ guide can be downloaded here: http://www.network-box.co.uk/sites/default/files/NBWP_forgotten_security_4_up_to-date.pdf.

Previous guides in the ‘Forgotten Security’ series include:

• Managing applications
• Routing – the hole in the wall
• Change control

For more information on security issues, visit Network Box’s website, see Simon Heron’s blog, or follow him on Twitter.

- ends -

About Network Box:
Network Box Limited (NBL) is an international managed security services company, specialising in unified threat management (UTM). It continuously defends the networks of its customers using PUSH technology to instantaneously update protection, from 12 Security Operations Centres spread around the globe. NBL’s customers in Asia, Australia, North America and Europe include companies such as BMW, Nintendo and Toyota, as well as banks, utilities companies and government organisations.

For more information, see www.network-box.co.uk / www.network-box.com.

Further press information from:
Kate Hartley
Carrot Communications
Tel: 0771 406 5233
Email: networkbox@carrotcomms.co.uk