Chapter 16. Maintenance Strategies and Administrative PracticesHardening systems and operations, providing protection for data, and applying security principles can build a solid security foundation. However, nothing stands still. New defensive operations and products are discovered, vulnerabilities are uncovered, and today's perfect security infrastructure becomes weaker over time. To ensure that security remains strong, you should review new discoveries, but the first step is to have sound maintenance strategies and management practices as part of the overall security plan. Security maintenance is not the application of a new security technology, nor is it the hardening process itself. Security maintenance is a combination of managing changes to security policy and managing updates, such as patches and service packs. Secure administrative practices support this process by ensuring that even minor changes to operating systems and applications do not reduce security, and that the actions of administrators do not increase the likelihood of system compromise. TIP: Patch Management Guides Microsoft's patch management site at (http://www.microsoft.com/technet/security/topics/patchmanagement.mspx provides the details of creating and implementing a change management infrastructure for security maintenance, and information about Microsoft and third-party products for patch management can be found in the "Microsoft Guide to Security Patch Management"(http://www.microsoft.com/downloads/details.aspx?familyid=73ac38b7-5826-421d-99e8-cdcc608b8992&displaylang=en.). |