S 4.83 Updating / upgrading of software and hardware in network components

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

Updating software can eliminate vulnerabilities and extend functions. This applies, for example, to the operating software of active network components such as switches and routers, as well as network management software. An update is especially necessary on the detection of vulnerabilities which might affect the secure or reliable operation of the network, if a fault occurs repeatedly, or if a function needs to be extended for security-related or technical reasons.

Upgrading of hardware can also be advisable in certain cases, for example, if a new version of a switch provides a higher transfer and filter rate. Such measures can, under certain circumstances, increase the availability, integrity and confidentiality of data.

Before an update or upgrade is performed, however, the functionality, interoperability and reliability of the new components must be examined thoroughly. This is done best in a physically isolated test network, before the updated or upgraded product is actually put into regular operation. (refer to S 4.78 Careful modifications of configurations).

Additional controls:

• Are updates and upgrades checked for proper interoperability with existing components before being put into productive operation?