Network security depends on the patch Response Time

In a recent attack on the internet, you may doubt how your system can defend against malicious software attacks. Because no system can protect computer devices by, there are still many ways to ensure the security of your network as much as possible.

Do not underestimate the single protection measures. The technical package or software package can help you protect the network. At the same time, when you perform layer-by-layer security repair, you will be able to achieve a deep level of defense, and will certainly be able to achieve the protection effect. Just as you need to back up your company's files to prevent potential crises, you also need to provide comprehensive security protection for your important computer resources through more than one measure.

It is cumbersome to install patches.

The monthly network patch is much simpler than the previous one (in the past, at the beginning of the year, the management system received a prompt file, in the next week, we will perform multiple network patching tasks.) It turns out that we still need to fix and patch our network in some way. Fortunately, there are many very useful software available, some of which are free and some are not. These software will automatically process various types of networks.

For one or two computers in small companies, you can update the network directly through Microsoft's website. However, in this case, you cannot select the software you want, and you will receive all the updated software from the website.

If you have another Server in your computer environment, you can install a software update system to upgrade the system. The system will run in Windows 2000 and Windows Server 2003, however, only some necessary security upgrades are required. However, you can also install the Windows service upgrade system, which only runs in the Windows Server 2003 environment. However, it has a large number of patches and packaging services, includes SQL Server and Microsoft Exchange systems.

SUS and WSUS are free of charge. You can use these two products to directly specify the users who want to receive the upgrade, and only provide the specified upgrade packages. You can even use SUS or WSUS to upgrade a large number of terminals, that is, determine the number of machines on the terminal and then provide the upgrade service directly through your host. At the same time, the terminal can be required to regularly use the SUS/WSUS server to regularly check the system on its own machine, or modify its registration records on the workstation.

SUS/WSUS disadvantages

In my opinion, the main disadvantage of SUS/WSUS is that we cannot forcibly use the system for special and fine-grained upgrades, you must wait for the next user to perform a check through the SUS/WSUS server. If you want more control over the upgrade system, you can choose some paid products, such as Microsoft's System Management Server (MSN ), this is a system management tool that includes repair management, which is also a major feature of it. If MSN does not meet your needs, there are third types of tools for you to choose from. These tools are simple patch tools, such as Shavlik's HFNetChkPro.

The biggest concern of many enterprises is the software compatibility. What should I do if a Microsoft software upgrade affects a computer accounting system or a human resources software system? Some people take a wait-and-see attitude to solve this problem. They usually wait for a few days or even a week after automatic patching to see if someone raised a question about the upgraded computer.

However, waiting is sometimes dangerous, especially because there is "zero-day exploit. "You may have heard about it in today's news. What does it mean? Microsoft released a large number of patches to compensate for some of its system vulnerabilities. The negative impact of such releases is unfortunately a reminder of the locations of system vulnerabilities of hackers, to help them make more viruses.

Generally, after Microsoft releases patches, hackers need to write programs for virus manufacturing, but "zero-day exploit" (zero-day manufacturing) it means that the virus has been manufactured on the patch release day or even before it is released. Therefore, in this case, if you take a wait-and-see attitude to determine whether the upgrade has an impact on the system, your computer system will face great risks.

If you can download and debug new software updates every Tuesday, and install the software as soon as possible, the security of your computer system will be guaranteed.