500    Chapter 8 • Infrastructure Security: System Hardening

             Protocol (NNTP) servers, file and print servers, and data repositories. It also
             explores directory services and databases.



              NOTE
                  As in the OS and NOS section, as you work to understand and utilize the
                  updates, hotfixes, service packs, and patches in the application area, be
                  sure to test these repairs on machines that are in a parallel network
                  environment. It is always prudent to test and try out the patches on
                  non-production equipment prior to implementation in a live production
                  network environment.





             Updates


             Updates are provided by the manufacturer of the application, and are usually
             intended to enhance features or functionalities of the applications involved.


                  ■   Updates for end-user applications increase the capability of the software to
                      perform tasks.

                  ■   Updates of server applications are often cosmetic in nature, or provided to
                      expand the capability of a particular type of server beyond its original
                      uses.

                 In either case, it is important to evaluate the updates to determine whether or
             not they are required or beneficial to the operation.Again, it is imperative to always
             test on equipment that is not part of the production environment to limit problems
             and downtime.

             Hotfixes

             Hotfixes for applications are provided by the vendors. However, these tend to be
             specific to the function operating on a server.These include fixes for server applica-
             tions such as Sendmail, Exchange, Microsoft Structured Query Language (SQL)
             server, or a Berkeley Internet Name Domain (BIND) DNS server.











          www.syngress.com