Skip to main content

Antivirus and Patch Management Best Practices for SecureAuth IdP Appliances

Introduction

This article discusses best practices for managing Antivirus updates and Microsoft Windows software updates for on-premise SecureAuth IdP appliances.

Note

To ensure maximum security, SecureAuth Corporation does not have access to customers' on-premise SecureAuth IdP appliances. Consequently, maintenance of these appliances – including, but not limited to, software backup management, Antivirus protection, and Microsoft Windows patch management – is the customer's responsibility.

Applies to

SecureAuth IdP Version

OS Version

7.x+

  • Windows Server 2008

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

Discussion

SecureAuth IdP Appliance Maintenance Policy

SecureAuth IdP appliances play a central role in an organization's security infrastructure, making ongoing maintenance of the server an important part of the overall security posture. The sections below discuss best practices for maintenance of the appliance. Questions about topics covered below should be addressed to a SecureAuth Sales Engineer (SE) or the SecureAuth Support department for clarification. SecureAuth Support can be contacted via support.secureauth.com

Microsoft Windows Server Patch Management Best Practices

Security updates and patches are software programs provided by Microsoft to address problems or vulnerabilities within Windows applications. Microsoft releases patches for the Windows operating system on a day known as "Patch Tuesday" which falls on the second Tuesday of each month in North America. The latest Microsoft patches are tested by SecureAuth Corporation twenty-four (24) hours after their release on Patch Tuesday. Any issue that may arise during the regression testing is posted as a notice on the SecureAuth Service Bulletin website. SecureAuth recommends setting a routine patch process to update the appliance once a month, preferably forty-eight (48) hours after Patch Tuesday. This allows SecureAuth's engineering team time to test the appliance for any incompatibilities with the new patch.

Note

Automatic Updates

SecureAuth does not recommend configuring Windows update to "Download and install updates automatically" on a SecureAuth IdP appliance. This option could cause the appliance to reboot at random times and introduce unexpected downtime in the environment – if an automated solution is required, SecureAuth suggests investigating one of the many third-party patching solutions available for Windows.

AntiVirus / Malware Best Practices

Earlier released SecureAuth IdP appliances were shipped with an OEM version of the VIPRE Antivirus software. A complimentary one-year license for the software was provided as part of a SecureAuth IdP purchase. The Antivirus client was introduced to protect the appliance during the initial configuration and installation in an environment. SecureAuth recommended the installation of the standard AV solution of this product on the SecureAuth IdP appliance at the earliest possible opportunity so that updates could be managed and monitored per the Company's ITSec policies. In order to continue using the VIPRE product, the license can be renewed by visiting the VIPRE software publishers website

Note

Exclusions

Some Antivirus software can be very aggressive when scanning files. If the SecureAuth IdP appliance exhibits a degradation in speed after installing the AV package, the D:\SecureAuth directory can be set to be excluded.