3.4. Preventing Problems by Staying Up to Date
One of the most popular techniques hackers use to compromise systems is to find vulnerabilities in the software we use day in and day out. For example, hackers quickly figured out a way to perform the "dot dot" attack on Windows 2000 systems after IIS was installed. With the "dot dot" attack, hackers navigate the folder structure of a Web server and delete files — a serious security flaw. After Microsoft got wind of the mistake, its programmers created a fix. It is your responsibility as a network administrator to download all the fixes to problems in the software you use.
3.4.1. Windows Update
To make it easier for you to get security fixes (patches) and updates for Microsoft software, use Windows Update feature within the operating system. If you choose the Windows Update command from the Start menu, you are automatically connected to the Microsoft Windows Update site, where your system is scanned for which updates are needed.
Windows Update allows you to do an express update where all critical updates are installed on your system, or a custom update (see Figure 3-6) where you get to select which updates to install (see Figure 3-6). From the Windows Update site, you install all the updates or patches that your system needs. Performing a Windows Update is a critical step to securing your systems — be sure to do it regularly. You can access Windows Update in Windows XP and Vista by choosing Start All Programs Windows Update.