Like this CertiGuide? Get it in PDF format!
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Custom Search

Table Of Contents  CertiGuide to Security+
 9  Chapter 3:  Infrastructure Security (Domain 3.0; 20%)
      9  3.5  Security Baselines
           9  3.5.1  OS/NOS Hardening

Previous Topic/Section  File System
Previous Page
Pages in Current Topic/Section
Next Page
3.5.2  Network Hardening
Next Topic/Section  Updates

As if we haven’t mentioned this enough already, you need to watch for them and install them. Vendors produce updates for all sorts of reasons – not just for fixing security issues.

Because of the propensity for vendor-supplied patches to “break things”, many organizations have developed a policy of a “wait and see” approach, letting a patch (program fix) “age” for a bit out in the community to shake out any bugs that didn’t show up during its beta testing, or of performing tests using production applications on a test server prior to rolling the patch out to production users. A wise person would perform update tests on a test platform before installing on a live network to be sure the update does not break any line of business applications or processes.

Where to Find Updates

You can usually find updates of all sorts for a product (OS or application) in that product’s area of your vendor’s web site.

Additionally, vendors typically make security patches available in a special area of their web site, for easy access. For example, both Sun and Microsoft offer security bulletin and patch collections. Microsoft’s may be found at, and Sun Microsystems’ may be reached in the Security section of

Types of Updates

It is partially due to vendors’ awareness of end users’ hesitance to test and install an endless parade of patches to do things like add support for new devices, tweak an obscure system function rarely used by end users, optimize RAS communications, etc. that vendors often issue security updates which include only vital security patches. These patches are often called “critical updates” or “hotfixes”. They’re sometimes rushed out the door somewhat, to get a fix for a critical issue onto vulnerable systems as quickly as possible. This means that quality might not be up to the standards of a service pack, and it comes down to the administrator’s judgment call, on whether it’s worth the risk to install it. On the positive side, since a hotfix is targeted to a specific issue, the amount of testing needed at an end user site is typically smaller than what is required to test a service pack.

Other, generally better-tested, updates might be termed “service packs” or “update packs”. These are sets of patches that have generally gone through both internal vendor testing and a field test process, to help ensure that they will not negatively affect systems.

Even then, undesirable side effects are not unheard of, when the service pack makes its way onto a system with a configuration it had not been tested on before release.

Patch, Hotfix, Service Pack

A patch is a fix to a problem found in software or data. A patch may also add features, but generally, it is thought of as a repair, as a patch to a tire would be.

A hotfix is a small patch file, generally targeted to one or two specific issues. Hotfixes are usually developed and released in a short timeframe, with less testing than service packs.

A service pack (or update pack) is a collection of patches. Often service packs undergo a significant testing process for quality control reasons..

Previous Topic/Section  File System
Previous Page
Pages in Current Topic/Section
Next Page
3.5.2  Network Hardening
Next Topic/Section

If you find useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $

Home - Table Of Contents - Contact Us

CertiGuide for Security+ ( on
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al. Version Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.