All News
SC Magazine - Shreds and patches
July 06, 2009
In May's edition of SC Magazine Ken Munro, Director of penetration
and security testing company, NCC Group Secure Test discussed how once
a fairly straight forward exercise, patching in the mobile era has
become fraught with complexity.
"So you've bitten the bullet, identified your business-critical systems,
implemented
a staging environment and tested all the patches before deploying on
live systems using something like WSUS. No blue screens, everything
works, nice and secure - and that should be
the end of the story. But what exacdy did you patch? The operating system alone may not be enough anymore.
We
all know how to patch and we all know how important it is to do
patching on a regular basis. We now need to ensure we have considered
everything everything that should be patched, consider the risk of each
- and prioritise. My advice would be to design your network along the
"defence in depth" principle - that way, if the systems you don't patch
are compromised, it's not the end of the world."
In The Press