BACKGROUND AND KEY RISKS: Patch management is the process of distributing and applying updates from vendors to software. These patches are often the way to correct errors (also referred to as “vulnerabilities” or “bugs”) in the software. Implementing a formal patch management process is key to ensuring that known vulnerabilities do not get exploited. Common areas that will need patches across the University include operating systems, applications, and embedded systems (like network equipment, firewalls, switches, and routers). For example:
Windows Server Patching:
Microsoft is a common attack target, and Windows vulnerabilities are often exploited by attackers and used to traverse to other parts of the network because of the widespread use of Microsoft’s software. Windows Server security provides layers of protection built into the operating system to safeguard against security breaches, helps block malicious attacks, and enhance the security of Penn’s applications and data.
Linux Server Patching:
While Red Hat Enterprise Linux is not as common a target as Windows for vulnerabilities, Red Hat has a long history of adopting and creating security technologies to harden core platforms. Linux patching provides protection again security breaches, helps block malicious attacks, updates to the latest features, and enhances the security of Penn’s applications and data. Linux patch management relies on the Red Hat Enterprise Linux management platform to identify the population of Linux servers to patch and to enable Linux administrators to manage available security patches that are released as Red Hat Security Advisory (RHSA) notifications.
Database software maintenance is critical to the security of Penn’s business, data, and applications. Patching is an essential part of database operations. Database patching provides protection against security breaches, helps block malicious attacks, and enhances the security of Penn’s applications and data.
WHAT MANAGEMENT CAN DO: