February 27, 2019

SAS 018 – Patch Management

36 minutes

In today’s episode I talk about patching various types of systems and my recommendations for each.

Workstations

BIOS/Firmware

Update at deployment then as needed

Drivers

Update at deployment then as needed

Update monthly

Delay one month from release date unless critical

Applications

Enable auto-update if available

Update monthly if reasonable, otherwise as needed

Level of effort

Cost

Servers

BIOS/Firmware

Update at deployment then as needed

Drivers

Update at deployment then as needed

Update monthly

Delay one month from release date unless critical

Applications

Deploy stable version and update annually or as needed

Networking

Firmware

Deploy stable version and update annually or as needed

Printers

Firmware

Deploy stable version and update annually or as needed

Drivers

Deploy stable version and update as needed

Mobile

Smartphones

Update major version as stable

Enable auto-update for minor version if historically stable

Apps should auto-update, delayed if necessary for testing

Tablets

Update major version as stable

Enable auto-update for minor version if historically stable

Apps should auto-update, delayed if necessary for testing

Misc

IOT

Try to deploy only if reputable manufacturer

Enable auto-updates

Intrusion Prevention

Deploy stable version and update annually or as needed

Access Control

Deploy stable version and update annually or as needed

Fire Alarm

Deploy stable version and update annually or as needed

Final Thoughts

Keeping systems updated is typically around 25% of your time as a SysAdmin

Depending on the system much of this work will need to be completed after hours

Choosing how often a system is updated is an important balance between required up time, stability and security

...more

View all episodes

By Dustin Reybrouck: IT System Administrator

1313 ratings

February 27, 2019

SAS 018 – Patch Management

36 minutes

In today’s episode I talk about patching various types of systems and my recommendations for each.

Workstations

BIOS/Firmware

Update at deployment then as needed

Drivers

Update at deployment then as needed

Update monthly

Delay one month from release date unless critical

Applications

Enable auto-update if available

Update monthly if reasonable, otherwise as needed

Level of effort

Cost

Servers

BIOS/Firmware

Update at deployment then as needed

Drivers

Update at deployment then as needed

Update monthly

Delay one month from release date unless critical

Applications

Deploy stable version and update annually or as needed

Networking

Firmware

Deploy stable version and update annually or as needed

Printers

Firmware

Deploy stable version and update annually or as needed

Drivers

Deploy stable version and update as needed

Mobile

Smartphones

Update major version as stable

Enable auto-update for minor version if historically stable

Apps should auto-update, delayed if necessary for testing

Tablets

Update major version as stable

Enable auto-update for minor version if historically stable

Apps should auto-update, delayed if necessary for testing

Misc

IOT

Try to deploy only if reputable manufacturer

Enable auto-updates

Intrusion Prevention

Deploy stable version and update annually or as needed

Access Control

Deploy stable version and update annually or as needed

Fire Alarm

Deploy stable version and update annually or as needed

Final Thoughts

Keeping systems updated is typically around 25% of your time as a SysAdmin

Depending on the system much of this work will need to be completed after hours

Choosing how often a system is updated is an important balance between required up time, stability and security

...more

Share SAS 018 – Patch Management

Sign up to save your podcasts

SAS 018 – Patch Management

SAS 018 – Patch Management