Patch Management Safeguards DCTC Network

Matt Nohava
Matt Nohava

Mac specialist Matt Nohava helps shore up IT security

by Jason Lachowsky

In an era where high-profile, high-cost security breaches seem all too frequent, network security is of principle importance. Dakota County Technical College is not immune to these threats and is taking proactive action to plug any potential security holes. In some ways, a college campus is uniquely vulnerable because students bring their own devices to campus and connect them to the wireless network. You can’t assume those devices are up to date. DCTC’s wireless network was designed with this in mind.

Matt Nohava, a Macintosh systems administrator in the DCTC IT department, noted that the college’s wireless networks do not have access to the college’s internal networks. “We don’t want some form of malware to infect the rest of campus,” he said.

Although DCTC uses a number of methods to protect its network and computers, a crucial step in prevention is patching—a patch is a small piece of software used to correct an identified issue with software or an operating system. Almost all software companies will periodically release patches to correct discovered issues, including security risks, in their programs.

“You might not see the effects of patched software, but in the background there are bug fixes and security updates,” Matt pointed out. “We want to make sure that our first line of defense is taken care of.”

Keeping on top of frequently released patches and making sure they are applied as needed is known as patch management. The SANS Institute, an Internet security training firm, identifies patch management as one of their Critical Security Controls. Matt agrees: “Patch remediation is one of the first steps in making sure you have secure machines.”

“Working in the IT department makes for an interesting day. At one point, you could be down supporting automotive, and the next you’re fixing a broken server. I like working as a part of a small IT staff. While we all have our specialties, everyone is ready to jump in as needed.” — Matt Nohava, Macintosh Systems Administrator

If patches are managed computer by computer, keeping an environment updated can be very time-consuming. Inevitably, some computers will be missed. “That’s how we used to do it,” Matt recalled. “We would manually install patches on every single machine. If we wanted to update a lab, for instance, we would have to unlock the entire lab and then push out the patches. It took quite a bit of extra time, and it was very possible to miss certain updates.” Matt added that if patching occurred during the workday, employees could be temporarily prevented from accessing their computers. Worse still, students could be stopped from using lab computers.

The college has decided to choose Lumension® as their patch management system solution. Matt reported that Lumension is very helpful in determining what needs to be updated, which means unnecessary updates are not applied. “With Lumension, a piece of software is installed and it scans the hardware and software to check the version,” he summarized. “Lumension not only updates, it checks for vulnerability and holes as well.” Another plus for Lumension is that the solution is cross-platform. DCTC is a mix of Mac and Windows PCs. Many machines even have the ability to dual boot to either operating system.

Matt also likes that Lumension has a lightweight client. The DCTC IT department looks for software that does not intrude during a staff member or  instructor’s day. At this time, IT has deployed Lumension to a significant portion of the campus, including labs and smart rooms. The software is receiving some real-world testing before being deployed on staff and faculty computers, but that is the next step. Keeping to a schedule is one challenge Matt envisions for certain computers. Since lab computers are frozen to a certain state and return to that state on reboot, IT needs to manually go in and thaw the machines before they can be updated.

Ultimately, Matt believes that Lumension, once fully implemented, will save the department time and allow IT staff to focus on other priorities. He enjoys his job at DCTC. “Working in the IT department makes for an interesting day,” he said. “At one point, you could be down supporting automotive, and the next you’re fixing a broken server. I like working as a part of a small IT staff. While we all have our specialties, everyone is ready to jump in as needed.”

Matt Nohava grew up in Webster, Minn., which he described as a “town with a mill and that’s about it.” During the summer, he enjoys camping at his parent’s seasonal campsite near Zumbrota. He and his wife, Lindsay, reside in Farmington, Minn., and have two dogs, a golden doodle and a Shih Tzu-poodle mix. Matt and Lindsay are expecting their first child in October.

For more information about the DCTC IT department, contact: