SAS 018 – Patch Management
- Author
- Dustin Reybrouck: IT System Administrator
- Published
- Wed 27 Feb 2019
- Episode Link
- https://sysadminshow.com/sas-018-patch-management/
In today’s episode I talk about patching various types of systems and my recommendations for each.
Workstations
- BIOS/Firmware
- Update at deployment then as needed
- Drivers
- Update at deployment then as needed
- OS
- Update monthly
- Delay one month from release date unless critical
- Applications
- Enable auto-update if available
- Update monthly if reasonable, otherwise as needed
- Level of effort
- Cost
Servers
- BIOS/Firmware
- Update at deployment then as needed
- Drivers
- Update at deployment then as needed
- OS
- Update monthly
- Delay one month from release date unless critical
- Applications
- Deploy stable version and update annually or as needed
Networking
- Firmware
- Deploy stable version and update annually or as needed
Printers
- Firmware
- Deploy stable version and update annually or as needed
- Drivers
- Deploy stable version and update as needed
Mobile
- Smartphones
- Update major version as stable
- Enable auto-update for minor version if historically stable
- Apps should auto-update, delayed if necessary for testing
- Tablets
- Update major version as stable
- Enable auto-update for minor version if historically stable
- Apps should auto-update, delayed if necessary for testing
Misc
- IOT
- Try to deploy only if reputable manufacturer
- Enable auto-updates
- Intrusion Prevention
- Deploy stable version and update annually or as needed
- Access Control
- Deploy stable version and update annually or as needed
- Fire Alarm
- Deploy stable version and update annually or as needed
Final Thoughts
- Keeping systems updated is typically around 25% of your time as a SysAdmin
- Depending on the system much of this work will need to be completed after hours
- Choosing how often a system is updated is an important balance between required up time, stability and security
