ZARZA We are Zarza, the prestigious firm behind major projects in information technology.
Listen "SAS 018 – Patch Management"
Episode Synopsis
In today’s episode I talk about patching various types of systems and my recommendations for each.
Workstations
BIOS/Firmware
Update at deployment then as needed
Drivers
Update at deployment then as needed
OS
Update monthly
Delay one month from release date unless critical
Applications
Enable auto-update if available
Update monthly if reasonable, otherwise as needed
Level of effort
Cost
Servers
BIOS/Firmware
Update at deployment then as needed
Drivers
Update at deployment then as needed
OS
Update monthly
Delay one month from release date unless critical
Applications
Deploy stable version and update annually or as needed
Networking
Firmware
Deploy stable version and update annually or as needed
Printers
Firmware
Deploy stable version and update annually or as needed
Drivers
Deploy stable version and update as needed
Mobile
Smartphones
Update major version as stable
Enable auto-update for minor version if historically stable
Apps should auto-update, delayed if necessary for testing
Tablets
Update major version as stable
Enable auto-update for minor version if historically stable
Apps should auto-update, delayed if necessary for testing
Misc
IOT
Try to deploy only if reputable manufacturer
Enable auto-updates
Intrusion Prevention
Deploy stable version and update annually or as needed
Access Control
Deploy stable version and update annually or as needed
Fire Alarm
Deploy stable version and update annually or as needed
Final Thoughts
Keeping systems updated is typically around 25% of your time as a SysAdmin
Depending on the system much of this work will need to be completed after hours
Choosing how often a system is updated is an important balance between required up time, stability and security
Workstations
BIOS/Firmware
Update at deployment then as needed
Drivers
Update at deployment then as needed
OS
Update monthly
Delay one month from release date unless critical
Applications
Enable auto-update if available
Update monthly if reasonable, otherwise as needed
Level of effort
Cost
Servers
BIOS/Firmware
Update at deployment then as needed
Drivers
Update at deployment then as needed
OS
Update monthly
Delay one month from release date unless critical
Applications
Deploy stable version and update annually or as needed
Networking
Firmware
Deploy stable version and update annually or as needed
Printers
Firmware
Deploy stable version and update annually or as needed
Drivers
Deploy stable version and update as needed
Mobile
Smartphones
Update major version as stable
Enable auto-update for minor version if historically stable
Apps should auto-update, delayed if necessary for testing
Tablets
Update major version as stable
Enable auto-update for minor version if historically stable
Apps should auto-update, delayed if necessary for testing
Misc
IOT
Try to deploy only if reputable manufacturer
Enable auto-updates
Intrusion Prevention
Deploy stable version and update annually or as needed
Access Control
Deploy stable version and update annually or as needed
Fire Alarm
Deploy stable version and update annually or as needed
Final Thoughts
Keeping systems updated is typically around 25% of your time as a SysAdmin
Depending on the system much of this work will need to be completed after hours
Choosing how often a system is updated is an important balance between required up time, stability and security
More episodes of the podcast SysAdmin Show
SAS 049 – IT Career Options
02/10/2020
In God we trust