The Fear of Upgrading

We frequently run into the scenario where a device (usually a firewall, server or switch) is not up to date on its firmware.  When we ask the client if they would like us to assist in getting the device upgraded, there is about a 50% chance that we will be met with an underlying hint of fear.  Many people are so terrified that upgrading their firmware is going to cause significant problems that they choose to ignore the upgrades.

Don't get me wrong; I have seen it happen that an upgrade contains a bug or other issue that causes a problem you didn't have to deal with before.  However, those incidents are so few and far between that they become negligible.  I always try to explain to people the dangers of the alternative.  Let's say, for example, you never upgrade the firmware on your firewall.  Your organization gets attacked, and the hacker examines the version that your device is running.  He then does a few minutes of research to find all of the vulnerabilities associated with that outdated firmware, and he exploits them.  Your network has just been breached because you didn't take five minutes to upgrade your device.

Upgrades aren't just designed to make you feel better that you're running the "latest and greatest."  They serve an important purpose, which is to fix the holes that were in the previous version.  Network security is a moving target, because the environment is always changing.  There are new exploits every day, so you have to make sure you are staying on top of your own security.  So, take a few minutes today to think about the last time you upgraded your firewall, servers, and switches.  If you can't remember, then it's definitely time to do it.