If you have some years of experience in information security, you have probably seen a couple of famous Internet worms hit your network and damage your environment. Many network and security administrators remember to patch their network only after they have been hit by attackers or worms, and honestly speaking, that is a terrible habit for a security person...
The Microsoft Security Bulletin Advanced Notification, released every month, is intended to give security people 3 days to plan before the Microsoft security updates themselves are released. The Microsoft Security Bulletin Advanced Notification includes information about:
- The number of new security updates
- The software affected
- The severity levels of vulnerabilities
- Information about any detection tools relevant to the updates
Here is how to put that information to use:
- Check the Microsoft Security Bulletin Advanced Notification 3 days before the updates are out.
- Check whether any of the affected operating systems and software are present in your network environment.
- Check whether any of them sit in a critical part of your network, such as the network edge.
- If they do, the security risk is critical (High), and the vulnerability is a Denial of Service vulnerability, you could place a firewall in front of the affected server, facing the Internet, until the patch is applied. If you have a virtual edge and DMZ, this is done more easily since that environment is more dynamic. (Check out this blog post of mine)
- If the vulnerability is critical but it is a buffer overflow or another kind of vulnerability, you need to go deeper and find out which port or service on the server causes the security problem, and then filter that port or disable that service, provided doing so does not disrupt the network.
- Keep an eye on the log files of the affected servers and services and enable alerting, so that you become aware of any attacks.
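The steps above can be turned into a small triage script: match the products named in the advance notification against an asset inventory that records each host's network zone, then derive the interim mitigation the post describes (a firewall in front of an exposed server for a critical Denial of Service, port filtering or service disabling for a critical vulnerability of another class, and log alerting in both cases). This is an added example and not code from the original post; the bulletin identifiers, product names, hostnames and ports are constructed sample data, and `Advisory`, `Asset`, `Action` and `plan_mitigations` are names chosen here, not anything Microsoft publishes.

```python
"""Triage a monthly advance notification against an asset inventory.

Added example. Bulletin ids, product names, hosts and ports below are
constructed placeholders, not real Microsoft bulletin entries.
"""
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Advisory:
    """One entry as it would be read off the advance notification."""
    bulletin: str
    product: str              # affected product name
    severity: str             # "Critical", "Important", "Moderate", "Low"
    vuln_class: str           # "DoS", "RCE" (e.g. buffer overflow), "EoP", ...
    service: str = ""         # exposed service, if the notification names it
    port: Optional[int] = None


@dataclass
class Asset:
    host: str
    products: List[str]
    zone: str                 # "edge", "dmz" or "internal"


@dataclass
class Action:
    host: str
    bulletin: str
    priority: int             # 1 = act before patch day, 3 = patch on schedule
    steps: List[str] = field(default_factory=list)


def plan_mitigations(advisories: List[Advisory], assets: List[Asset]) -> List[Action]:
    """Apply the post's decision steps to every (asset, advisory) match."""
    actions = []
    for asset in assets:
        exposed = asset.zone in ("edge", "dmz")        # critical part of the network
        for adv in advisories:
            if adv.product not in asset.products:      # step 2: not affected
                continue
            steps = [f"install {adv.bulletin} on patch day"]
            if adv.severity == "Critical" and exposed:  # step 3 + 4/5
                if adv.vuln_class == "DoS":
                    steps.append("place a firewall in front of the server toward "
                                 "the Internet until the patch is applied")
                else:
                    where = adv.service or "the vulnerable service"
                    if adv.port is not None:
                        steps.append(f"filter port {adv.port} ({where}) at the edge, "
                                     "or disable the service if that causes no disruption")
                    else:
                        steps.append(f"identify the port used by {where}, then filter it "
                                     "or disable the service if that causes no disruption")
                steps.append("enable alerting on the server and service logs")  # step 6
                priority = 1
            elif adv.severity == "Critical":
                priority = 2
            else:
                priority = 3
            actions.append(Action(asset.host, adv.bulletin, priority, steps))
    actions.sort(key=lambda a: (a.priority, a.host, a.bulletin))
    return actions


# Constructed sample data standing in for one month's notification and inventory.
ADVISORIES = [
    Advisory("MSYY-001", "Example Web Server 2.0", "Critical", "DoS"),
    Advisory("MSYY-002", "Example Mail Server 1.5", "Critical", "RCE",
             service="SMTP listener", port=25),
    Advisory("MSYY-003", "Example Office Suite", "Important", "RCE"),
]
ASSETS = [
    Asset("web-edge-01", ["Example Web Server 2.0"], "edge"),
    Asset("mail-dmz-01", ["Example Mail Server 1.5", "Example Office Suite"], "dmz"),
    Asset("ws-finance-07", ["Example Office Suite"], "internal"),
]

if __name__ == "__main__":
    for action in plan_mitigations(ADVISORIES, ASSETS):
        print(f"[P{action.priority}] {action.host} / {action.bulletin}")
        for step in action.steps:
            print(f"    - {step}")
```

The inventory and advisory lists would normally be loaded from your CMDB and the notification itself; the priority ordering puts exposed hosts with critical issues first so the interim firewall or port filter can be in place before patch day.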