Security risks: Why it pays to keep your IT software and systems up to date
Many of us are familiar with antivirus software updates that tie up our machine almost daily.
And who hasn’t at times been perplexed by the never-ending stream of Windows and Office updates that Microsoft like to send us? Or the app updates that appear and download regularly on our smartphones?
In a business environment, keeping your operational software systems updated is particularly – indeed, critically – important for a number of reasons.
In this article we will explain why.
Why are software updates needed?
All software used in today’s increasingly IT system-dependent organisations needs to be updated from time to time.
Software updates (also known as ‘patches’) are released by software vendors for three main reasons:
To solve known issues with a particular function or feature
Some updates improve usability and operation of the software and correct problems, but may not add new or additional functionality to the product
To enhance the application e.g. with new features
Most software applications and systems have a development roadmap that ensures new features and operational improvements are added at intervals over the lifetime of the product
To fix security issues and known vulnerabilities
Probably the most important category of update, these security patches and updates are designed to plug holes that hackers (or others) may have uncovered – before they can be exploited.
How are updates performed?
Depending on how your computers, servers, network devices or other technologies are set up, some computer software updates may be performed automatically.
Most simple updates are set to download periodically, and when authorised by the user will install in the background, requiring the computer to be rebooted to complete. This keeps disruption to a minimum.
Others, due to the complexity of the technology involved, the nature of the update and the size and importance of the patch, may require manual updating – and many organisations use dedicated IT administrators to carry out these updates.
How easy or difficult it is to maintain a rigorous patching schedule will be affected by:
- Employees: the number of computer and network users you employ
- More software: the increasing number of software programmes in use around your organisation both on users’ computers and on servers
- Increasing threats: The constant increase in security threats arising from hackers targeting out-of-date software
- Timing: The fact that different software suppliers update their systems in different ways, at different times, for different reasons, making it difficult to keep track of what software is current and what is not.
- Complexity: As your organisation grows, the need for more complex systems such as firewalls increases. Firewalls are among the most complex and important of systems to update, as described below.
The importance of updates for security
Although, in general, most software applications constantly evolve and benefit from feature and usability updates through their lifecycle, the number one reason software should be updated regularly is for the maintenance of network and data security.
Software that is up to date and ‘fully patched’ is less vulnerable to the threats of hackers, who constantly look for vulnerabilities and weaknesses that they can exploit.
Hackers operate in communities – often criminal networks – to share information about any newly discovered software vulnerabilities that can be exploited.
For this reason, old, outdated or ‘unsupported’ software systems (such as Microsoft XP, which is now retired, and for which no updates are now developed or provided) are prime targets for hackers wanting to gain access to private, personal and sensitive data such as bank accounts and database records.
[As an aside, if your organisation is currently using computers with any operating system or other Windows software that is either unsupported or more than a few updates behind, contact Alliance Solutions or your IT Support Provider without delay to arrange to have them updated].
What sorts of systems and software need updating?
In general, the following types of software must be updated regularly:
- Operating systems – such as Windows – on computers, servers, other network appliances and mobile devices
- Application software – such as Microsoft Office, but also browsers, email clients and departmental systems such as accounting and CRM software
- Network terminals – network connected computers that perform a specific function, such as warehouse management system software, inventory software, point of sale terminals
- Other specialist or critical software, even when written as a bespoke or customised standalone system
- Firewalls – among the most complex of updates to implement and configure correctly, but also the most important.
Why keeping your firewall updated matters so much
Some organisations see their firewall as a ‘plug in and forget’ project, believing that once bought and installed it will provide everlasting security protection for the network and all its end users.
Often, firewalls are hidden away in a server room or communications cabinet, or sit on a computer in a basement away from every day office technologies.
Yet the firewall is the barrier between the office network environment where critical, sensitive data is stored, and the public network. It is the critical first line of defence – known as the ‘perimeter’ – against hackers, viruses, malware and every other undesirable form of computer and network traffic that tries to penetrate your network to gain access to the data that resides within it.
Accordingly, the firewall is the first target for hackers to crack – and whole communities of hackers dedicate their combined resources to finding ways to achieve their goal.
How they do this is well known.
Hackers know that all firewalls, like any other product or appliance which has software components, will become outdated over time. As they do, the level of security they provide degrades, and vulnerabilities and holes may appear which can be exploited.
Hackers also look for firewall configuration issues, using sophisticated software to probe the firewall’s defences looking for openings that can allow them into the network.
Common causes of firewall breach
Firewall rules incorrectly configured
Firewalls operate based on the configuration of ‘rules’. The effectiveness of the firewall and its ability to protect your network depends not only on how the rules are set up during the first configuration, but also on how they are adapted and evolved in subsequent months.
The rules set up on a firewall determine what traffic your firewall should be filtering i.e. what it should let through into the network and what it should block, as well as specifying what internal systems the firewall should protect.
Day one configuration may be correct; but if the firewall rules are not updated to reflect changes within the network, such as the deployment of new databases, systems and employees, the rules become outdated.
Similarly, just one or two incorrectly configured rules can negate the effectiveness of the firewall, leaving the network wide open and vulnerable.
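The checks described above can be automated. The following is an added example, not part of the original article: it audits an ordered rule list for a rule that allows everything, rules that can never be reached, rules pointing at systems that no longer exist, and systems that no rule mentions. The rule format, the inventory and all addresses are constructed for illustration and do not correspond to any particular firewall product.

```python
import ipaddress

# Constructed rule set in a simplified, hypothetical format; first match wins.
RULES = [
    {"id": 1, "action": "allow", "src": "0.0.0.0/0", "dst": "10.0.1.10/32", "port": 443},
    {"id": 2, "action": "allow", "src": "10.0.2.0/24", "dst": "10.0.5.20/32", "port": 5432},
    {"id": 3, "action": "allow", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"},
    {"id": 4, "action": "deny", "src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"},
]
# Constructed inventory of systems currently deployed behind the firewall.
INVENTORY = {"web": "10.0.1.10", "new-db": "10.0.5.30"}

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    net = ipaddress.ip_network
    return (net(b["src"]).subnet_of(net(a["src"]))
            and net(b["dst"]).subnet_of(net(a["dst"]))
            and a["port"] in ("any", b["port"]))

def audit(rules, inventory):
    """Return (subject, finding) pairs for an ordered rule list."""
    findings, named = [], set()
    hosts = {ipaddress.ip_address(ip) for ip in inventory.values()}
    any_rule = {"src": "0.0.0.0/0", "dst": "0.0.0.0/0", "port": "any"}
    for i, rule in enumerate(rules):
        subject = f"rule {rule['id']}"
        if rule["action"] == "allow" and covers(rule, any_rule):
            findings.append((subject, "allows any source to any destination"))
        # A rule is dead if an earlier rule already matches all of its traffic.
        for earlier in rules[:i]:
            if covers(earlier, rule):
                findings.append((subject, f"never reached, shadowed by rule {earlier['id']}"))
                break
        # A single-host destination that has left the inventory is stale.
        dst = ipaddress.ip_network(rule["dst"])
        if dst.prefixlen == dst.max_prefixlen:
            named.add(dst.network_address)
            if dst.network_address not in hosts:
                findings.append((subject, "destination not in inventory"))
    # Systems deployed since the last rule review have no rule naming them.
    for name, ip in inventory.items():
        if ipaddress.ip_address(ip) not in named:
            findings.append((name, "no rule written for this system"))
    return findings

if __name__ == "__main__":
    print(*audit(RULES, INVENTORY), sep="\n")
```

In the constructed data, rule 3 sits above the default deny in rule 4, so the deny is never evaluated: a single misplaced rule leaves everything behind the firewall reachable.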
Software updates (also known as patches) not applied, or incorrectly applied
Some organisations fall into the trap of assuming that once the firewall is installed and configured, it can be left to run on its own and will continue to provide network protection.
Yet, as with any other important operational software system, firewall manufacturers provide software version updates and upgrades at regular intervals that must be installed and configured.
For reasons outlined earlier, the correct application of software updates (known as patching) is critically important for the continued correct operation and function of the firewall.
Lack of monitoring
Attempted hacker attacks on firewalls, whether they are blocked or occasionally gain access to the network, are known as ‘events’ and are registered in the firewall’s log.
These and other irregularities such as higher than usual levels of network traffic are potentially signs that the organisation is being targeted, or that something suspicious is going on and requires investigation.
If the firewall and its logs are not being monitored, these events may go unnoticed and unresolved, with potentially dire consequences.
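As an added illustration (not part of the original article), the script below reviews firewall log lines for the three signs described above: sources that are blocked repeatedly, a connection that is allowed from a source after it has been blocked repeatedly, and hours with more events than an expected baseline. The log format, the thresholds and the sample lines are constructed for the example; real firewalls each use their own log layout.

```python
import re
from collections import Counter

# Hypothetical key=value log layout assumed for this example.
LINE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)

# Constructed sample log, including one line that does not parse.
SAMPLE_LOG = """\
2024-05-01T01:58:40 action=allow src=192.0.2.44 dst=10.0.1.10 dport=443
2024-05-01T02:14:07 action=block src=198.51.100.7 dst=10.0.1.10 dport=22
2024-05-01T02:14:09 action=block src=198.51.100.7 dst=10.0.1.10 dport=23
2024-05-01T02:14:11 action=block src=198.51.100.7 dst=10.0.1.10 dport=3389
2024-05-01T02:14:15 action=allow src=198.51.100.7 dst=10.0.1.10 dport=443
2024-05-01T02:30:02 action=block src=203.0.113.9 dst=10.0.5.30 dport=5432
garbled line that does not parse
""".splitlines()

def review(lines, block_threshold=3, hourly_baseline=4):
    """Summarise events worth investigating in a list of log lines."""
    blocks, per_hour = Counter(), Counter()
    allowed_after_blocks, unparsed = [], 0
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            unparsed += 1  # count rather than silently drop damaged lines
            continue
        per_hour[m["ts"][:13]] += 1  # bucket by date and hour
        if m["action"] == "block":
            blocks[m["src"]] += 1
        elif m["action"] == "allow" and blocks[m["src"]] >= block_threshold:
            # Traffic let through from a source that was just blocked repeatedly.
            allowed_after_blocks.append((m["ts"], m["src"], int(m["dport"])))
    return {
        "repeated_blocks": {s: n for s, n in blocks.items() if n >= block_threshold},
        "allowed_after_blocks": allowed_after_blocks,
        "busy_hours": {h: n for h, n in per_hour.items() if n > hourly_baseline},
        "unparsed": unparsed,
    }

if __name__ == "__main__":
    for key, value in review(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```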
How to ensure your firewall performs well
The bottom line about firewalls is that they need to be managed.
A “managed firewall” will be:
- Correctly configured with new rules as your organisation evolves
- Kept patched when new version updates, upgrades and virus databases are released
- Monitored to ensure that network traffic patterns are within expected parameters.
Typically, the management of firewalls is within the remit of an IT or Network Administrator.
Even with in-house IT staff though, due to the complexities of today’s firewall technologies – including the highly effective and efficient Unified Threat Management (UTM) firewall appliances – it is common for the responsibilities of firewall management and monitoring to be outsourced to a specialist IT support provider.
In-house or outsourced, your firewall administrator – equipped with the right administrator tools – must:
- Monitor the status of your firewall around the clock, to ensure that it is operating properly and efficiently and alerting or responding if something goes wrong
- Look for and respond to activity that may be suspicious, i.e. outside the normal levels or types of activity that would be expected
- Scan the network and monitor firewall logs to ensure the network remains secure
- Respond to, or alert you to, any intrusion attempts if appropriate
- Update rules to allow for additional users and systems
- Install and configure updates and new versions of the firewall software
- Back up the firewall regularly so that if it does fail, it can be recovered and redeployed to ensure continuing protection.
For more information about patching and software updates, keeping your firewall updated or any other aspect of your IT systems, contact Alliance Solutions on 0800 292 2100 or email email@example.com and ask us for a free IT Systems Audit.