What are the Antivirus and Microsoft Windows patching best practices for on-premise SecureAuth appliances?
SecureAuth appliances play a central role in your organizations security infrastructure making ongoing maintenance for the server an important part of your overall security posture. In the sections below we will discuss best practices for maintenance of the appliance. If you have any questions about the topics covered below please contact your Sales Engineer (SE) or SecureAuth Support for clarification. SecureAuth support can be reached via phone at 949.777.6959 option 2 or email firstname.lastname@example.org.
Microsoft Windows Server Patch Management Best Practices
Security updates and patches are software programs provided by Microsoft to address problems or vulnerabilities within Windows. Microsoft releases patches for the Windows operating system on a day known as "Patch Tuesday". It occurs on the second Tuesday of each month in North America. The latest Microsoft patches are tested by SecureAuth Corporation twenty-four (24) hours after their release on Patch Tuesday. Should an issue arise during the regression testing a notice is posted on the SecureAuth Service Bulletinwebsite. We recommend that you develop a patch process to update the appliance once a month preferably forty-eight (48) hours after Patch Tuesday. This allows our engineering team time to test for any incompatibilities with the new updates.
** Automatic Updates
SecureAuth Corporation does not recommend configuring Windows update to "Download and install updates automatically" on a SecureAuth appliance. This option could cause the appliance to reboot at random times and introduce unexpected downtime to your environment. If you need an automated solution we suggest investigating one of the many third-party patching solutions available for Windows
AntiVirus / Malware Best Practices
Earlier SecureAuth IdP appliances shipped with an OEM version of the VIPRE Antivirus software. A complimentary one year license was provided for the software as part of a SecureAuth purchase. The Antivirus client is intended to protect the appliance during the initial configuration and installation into your environment. We recommended that your organization's standard AV solution be installed on the SecureAuth IdP appliance at the earliest possible opportunity. This will allow updates to be managed and monitored per the Company's ITSec policies. Should your organization prefer to continue using the VIPRE product you can renew the license by visiting the software publishers website (http://www.vipreantivirus.com/renew/).
Some AntiVirus software can be very aggressive when scanning files. If your SecureAuth appliance exhibits a degradation of speed after installing your A/V package, you might wish to consider excluding the D:\SecureAuth directory.