Wednesday, February 18, 2009

The Importance of Patching

I listened to my first podcast tonight. Ever. I never really thought I had the time to listen to them. But, the Network Security Podcast had Brian Krebs on, and I since I follow Brian's blog, I wanted to hear what he had to say. I'll admit, it took me a bit to figure out how to subscribe, sync, and generally manage the podcasts. However, I got it figured out, and I look forward to listening to future podcasts.

Brian, Rich and Martin got me thinking. Towards the end of the podcast, they were discussing ways to mitigate the current threats, and even what we'll have to do in the future with potentially more determined threats. As an auditor (and an incident responder for my own clients) I think one of the biggest opportunities we have as a security community is to patch, patch and patch. Yes, it's easier said than done in some instances. But look at at Conficker. Here's a worm that arrives on a system because a specific patch is not installed. Installing the patch, which was released out of cycle none-the-less, goes a long way to preventing infection. I understand that businesses need to test out patches to ensure that the patch itself will not cause more harm. But certainly, home users should have Microsoft Update actively and automatically fetching these patches and installing them after downloading.

And while we (ourselves) can not physically patch these machines, we can be evangelistic about spreading the message. I know that every time I respond to incident, one of the big lessons I try to impart on my client is for the client to actively keep the machine patched to the best of their ability. Clients are thankful for ways they can proactively keep their machines safe. And I see in many of these clients pride when they learn that they can do it themselves.

I was glad to listen to the podcast and I look forward to future podcasts. Especially if they will be as engaging and get me to think.

No comments:

Post a Comment