S 4.83 Updating / upgrading of software and hardware in network components

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

Updating software can eliminate vulnerabilities and enhance functions. This applies, for example, to the operating software of active network components such as switches and routers, as well as network management software. An update is especially necessary if vulnerabilities are detected which might affect the secure or reliable operation of the network, if a fault occurs repeatedly, or if a function needs to be extended for security-related or technical reasons.

Upgrading hardware can also be advisable in certain cases, for example, if a new version of a switch provides a higher transfer and filter rate. These measures can, under certain circumstances, increase the availability, integrity and confidentiality of data.

However, before an update or upgrade is performed, the functionality, interoperability and reliability of the new components must be tested thoroughly. This is best done in a physically isolated test network before the updated or upgraded product is actually put into regular operation (see S 4.78 Careful modifications of configurations).

Review questions:

• Are there rules regulating the handling of updates/upgrades of software and hardware in the network and/or for the network components used?
• Is the interoperability of the updates/upgrades with existing components tested before they are put into regular operation?