CASES.LU

Patches

In brief

Flaws can in some cases be used as an entry point for malicious code or malicious sites seeking unauthorised access to the computer. It is therefore important to correct these flaws by applying patches.

A patch is an update, in the form of a file or software, that corrects a security flaw in an operating system or program.

In some cases, the patch will not only fix a flaw, but will also add new features to the computer software or operating system.

Life cycle

The life cycle of a security patch starts in most cases when the software manufacturer sends notification of the flaw or even makes a direct public announcement. In limited cases, depending on certain national laws and regulations, public announcement without the manufacturer’s authorisation may be considered unlawful.

From this time, for an arbitrary period, the software manufacturer validates the existence of the flaw by an announcement or by publishing a security bulletin.

In most cases, the announcement is accompanied by the provision of a patch to correct the existing flaw.

Behavioural measures

It is important to carry out updates. The saying “Never touch a running system” is not valid from the point of view of security.

Obviously, however, care is required when installing new programs.

Organisational practices

The organisation must draft and enforce a sectoral policy on systems development and management – management of technical vulnerabilities.

Technical measures

  • It is important to test patches before deploying them on key systems. It is practical to keep a test computer for this purpose.
  • You can use the Secunia online service to check for patches for your operating system or your installed software. Alternatively, download a Secunia application (note that their PSI version must not be used in a professional context). These services will tell you which software to update.
  • In a Microsoft infrastructure it is advisable to set up a WSUS update server, if possible with extensions enabling updates to all software on workstations.
