3.5 Given a scenario, apply server hardening methods.
📘CompTIA Server+ (SK0-005)
1. Patching
Patching is the process of applying updates to software, operating systems, or firmware to fix:
- Security vulnerabilities
- Bugs or errors
- Performance issues
- Compatibility problems
Types of Patches
- Security patches – Fix vulnerabilities that attackers could exploit
- Bug fixes – Correct software errors
- Feature updates – Add new functionality
- Firmware updates – Update hardware-level software (e.g., BIOS, RAID controllers)
Why Patching is Important
- Protects servers from exploits and attacks
- Maintains system stability
- Ensures compliance with security policies and regulations
- Improves performance and reliability
Key Concepts for Exam
- Patch management is a continuous process, not a one-time task
- Patches should be applied regularly but carefully
- Not all patches should be applied immediately without testing
2. Testing
Before applying patches to production servers, they must be tested.
Why Testing is Required
- Prevent system crashes or downtime
- Ensure applications still work correctly
- Detect compatibility issues between software and patches
Types of Testing Environments
- Development (Dev) – Where new features or changes are created
- Testing/QA (Quality Assurance) – Where patches are tested
- Staging – A near-exact replica of production environment
Testing Process
- Apply patch to a test system
- Verify system functionality
- Check application compatibility
- Monitor for errors or performance issues
- Approve or reject the patch
Key Exam Points
- Never apply untested patches directly to production systems
- Testing should mimic the production environment as closely as possible
- Testing helps reduce risk of downtime and failures
3. Deployment
Deployment is the process of applying approved patches to live (production) systems.
Deployment Methods
- Manual deployment – Admin installs patches manually
- Automated deployment – Tools automatically apply patches
- Scheduled deployment – Patches applied during maintenance windows
- Phased deployment (rolling updates) – Servers are updated in groups
Deployment Tools
- Windows Server Update Services (WSUS)
- System Center Configuration Manager (SCCM)
- Linux package managers (apt, yum, dnf)
- Automation tools (Ansible, Puppet, Chef)
Deployment Best Practices
- Perform during maintenance windows (low usage times)
- Use rollback plans in case something fails
- Monitor systems after patching
- Notify users and stakeholders before deployment
Key Exam Points
- Deployment should be controlled and planned
- Always have a rollback strategy
- Avoid deploying patches during peak business hours
4. Change Management
Change management is the process of controlling and documenting changes made to systems, including patching.
Why Change Management is Important
- Prevents unauthorized changes
- Reduces risk of system failure
- Ensures accountability
- Helps track system changes
Change Management Process
- Request for Change (RFC)
- A formal request to make a system change (e.g., applying a patch)
- Approval
- Change is reviewed and approved by a change advisory board (CAB)
- Planning
- Determine when and how the patch will be applied
- Identify risks and impact
- Implementation
- Apply the patch as planned
- Testing and Verification
- Ensure systems are working correctly after the change
- Documentation
- Record what was changed, when, and by whom
- Review (Post-Implementation Review)
- Analyze success or failure of the change
Types of Changes
- Standard change – Pre-approved, low-risk (e.g., routine patches)
- Normal change – Requires approval (most patches)
- Emergency change – Urgent fixes for critical vulnerabilities
Key Exam Points
- All changes should be documented
- Change management ensures controlled and safe updates
- Emergency changes still require documentation after implementation
- Approval is important before applying patches
5. Relationship Between Patching, Testing, Deployment, and Change Management
These processes work together in a structured workflow:
- Identify patch → Security update is released
- Test patch → Validate in a controlled environment
- Change management approval → Get authorization to proceed
- Deploy patch → Apply to production systems
- Monitor system → Ensure everything works correctly
- Document change → Record all actions taken
6. Best Practices for Exam
- Always test patches before deployment
- Use automation tools to manage patching efficiently
- Apply patches during scheduled maintenance windows
- Maintain documentation for all changes
- Have rollback procedures in case of failure
- Follow organizational policies and compliance requirements
- Prioritize critical security patches
7. Common Exam Scenarios
You may be asked what to do in situations like:
- A critical vulnerability is discovered → Apply emergency patch with change approval
- A patch causes system instability → Roll back to previous version
- A patch needs to be applied across multiple servers → Use automated deployment tools
- A patch must be verified → Test in a staging environment first
Final Summary
Patching is a structured process that involves:
- Testing – Ensure patches are safe and compatible
- Change management – Control and document all changes
- Deployment – Apply patches to production systems safely
For CompTIA Server+ SK0-005, you must understand that patching is not just installing updates—it is a controlled, tested, and documented process to maintain server security and stability.
