Page 1164 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Managing Patches and Reducing Vulnerabilities
Patch management and vulnerability management processes work
together to help protect an organization against emerging threats.
Bugs and security vulnerabilities are routinely discovered in operating
systems and applications. As they are discovered, vendors write and
test patches to remove the vulnerability. Patch management ensures
that appropriate patches are applied, and vulnerability management
helps verify that systems are not vulnerable to known threats.
Systems to Manage
It’s worth stressing that patch and vulnerability management doesn’t
only apply to workstations and servers. It also applies to any
computing device with an operating system. Network infrastructure
systems such as routers, switches, firewalls, appliances (such as a
unified threat management appliance), and printers all include some
type of operating system. Some are Cisco-based, others are Microsoft-based, and others are Linux-based.
Embedded systems are any devices that have a central processing unit
(CPU), run an operating system, and have one or more applications
designed to perform one or more functions. Examples include camera
systems, smart televisions, household appliances (such as burglar
alarm systems, wireless thermostats, and refrigerators), automobiles,
medical devices, and more. These devices are sometimes referred to as
the Internet of Things (IoT).
These devices may have vulnerabilities requiring patches. As an
example, the massive distributed denial-of-service attack on Domain
Name System (DNS) servers in late 2016 effectively took down the
internet by preventing users from accessing dozens of websites.
Attackers reportedly used the Mirai malware to take control of IoT
devices (such as Internet Protocol [IP] cameras, baby monitors, and
printers) and join them to a botnet. Tens of millions of devices sent
DNS lookup requests to DNS servers, effectively overloading them.
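The two processes described above check each other: patch management records what was applied, and vulnerability management verifies it, across every device class (routers, printers, IP cameras) and not only workstations and servers. The following is an added illustration, not code from the study guide; the inventory, advisory IDs and scan output are constructed placeholders.

```python
# Added example: reconcile patch-management records with vulnerability-scan
# findings for every asset class in an inventory. All data is constructed;
# "ADV-00x" are placeholder advisory ids, not real CVE numbers.
from dataclasses import dataclass, field

@dataclass
class Asset:
    name: str
    device_class: str            # workstation, server, router, printer, ip_camera
    applied_patches: set = field(default_factory=set)

# Constructed inventory, including the non-workstation devices the text stresses.
INVENTORY = [
    Asset("ws-01", "workstation", {"ADV-001", "ADV-002"}),
    Asset("srv-db", "server", {"ADV-001"}),
    Asset("rtr-edge", "router", set()),
    Asset("prn-lobby", "printer", set()),
    Asset("cam-door", "ip_camera", {"ADV-003"}),
]

# Constructed vendor advisories: placeholder id -> device classes it affects.
ADVISORIES = {
    "ADV-001": {"workstation", "server"},
    "ADV-002": {"workstation"},
    "ADV-003": {"ip_camera", "printer"},
    "ADV-004": {"router"},
}

# Constructed scanner output: asset name -> advisories the scanner still reports.
SCAN_FINDINGS = {
    "ws-01": set(),
    "srv-db": {"ADV-001"},       # patch recorded as applied, yet still flagged
    "rtr-edge": {"ADV-004"},
    # prn-lobby and cam-door were never scanned: a coverage gap
}

def reconcile(inventory, advisories, findings):
    """Return (missing patches, failed verifications, unscanned assets)."""
    missing, failed, unscanned = [], [], []
    for asset in inventory:
        needed = {a for a, classes in advisories.items() if asset.device_class in classes}
        for adv in sorted(needed - asset.applied_patches):
            missing.append((asset.name, adv))          # patch management gap
        if asset.name not in findings:
            unscanned.append(asset.name)               # vulnerability management gap
            continue
        for adv in sorted(findings[asset.name] & asset.applied_patches):
            failed.append((asset.name, adv))           # "applied" but scanner disagrees
    return missing, failed, unscanned
```

Running `reconcile(INVENTORY, ADVISORIES, SCAN_FINDINGS)` shows the router and printer missing patches, the database server whose recorded patch did not take, and the two embedded devices the scanner never covered.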

