The security of computer systems is a very hard and complex problem. IT staffers who apply security patches or use layered approaches have lulled themselves into a false sense of security. This perceived security is illusionary at best and destructive in the extreme. True security will increasingly require the use of hardened servers and guards. Defense in depth with distributed guards serving as penetration detectors and reporting attacks on corporate systems provides strong protection against both external and internal attackers. This strategy lets system managers minimize damage and greatly improve the recovery of damaged systems and data. Corporations that choose not to appropriately secure their systems will likely regret it. In the future, companies will probably face liability for third-party losses that arise from system compromises.