Every sysadmin knows that software of all kinds needs to be updated. Sometimes the updates provide new features and enhancements, but many times the updates are bug fixes and security patches. Keeping your servers, desktops, and software up to date can help prevent your networks from being comprimised.
I've compiled a short list of best practices I use for patch management:
- Schedule your patch management on a regular basis. It is easy for the busy sysadmin to be distracted by all the end-users' needs which to them are always critical. Prioritize a time for updates where you will not be distractec. This may need to be after hours if necessary. Many Windows updates require system restarts so be sure to schedule the restarts to minimize downtime, and be sure to check that the servers and services come back up afterwards.
- Subscribe to mailing lists and/or rss feeds that provide you with information on exploits, patches, and security notices for the specific software you run. Visit your vendor's website to see if they have these options available.
- Keep a log of your patch installations. I've created an Excel template that I print each week to record the packages and updates that I install on my Linux and Windows servers. Should something break due to the updates I will know exactly what has changed.