In this module we cover:
- Service packs and hot fixes
- Patches and Patch management
- Group Policy security templates
- Configuration Baseline
Service Packs and Hot fixes
Hot fixes are bug fixes. Hot fixes are synonyms for updates. Hot fix can address vulnerability.
Accumulated fixes/updates are called services packs. Windows call it service packs, and apple calls it support packs. Service packs are large and hot fixes are small updates.
All updates are part of normal software development process.
updates should be signed by valid CA of vendor.
If updates can not roll back, then test updates in test environment before actually installing in production.
Patch: Patch Management
What is patch? Patch is solution to bug/vulnerability.
Patch management Process:
1- Prioritization(server vs client side software) and scheduling(off peak hours )
2- Patch testing (prototype, pilot testing, staging area environment)
3- Change management
4- Audit and Assessment(Quarterly)
Group Policy Security Templates
Group Policy is configuration managed on windows server, and implemented on servers and workstations.
If we talk about just workstation, then LSP, Local Security Policy is there to implement all those configurations across operating system of workstation.
Examples of Policies in GP and LSP are:
- Password Policy
- Audit Policy
- Account Lockout Policy
All policies in GP/LSP have a baseline configuration, which administrator/user can change to suite his/her environment.