Patch and Maintenance

After hardening a server, you must maintain that posture. New vulnerabilities are continuously discovered, and unpatched systems become increasingly exposed to risk over time. This document explains how to maintain the security baseline of the BioStar X server through regular patching, vulnerability scanning, and asset management.

Backup and restore security configuration

PowerShell

# Export Group Policy settings
secedit /export /cfg C:\backup\secpol.cfg

# Backup Windows Firewall rules
netsh advfirewall export "C:\backup\firewall.wfw"

Establish patch management policy

• Define a formal patching policy covering operating system, database engines, BioStar X software, and third-party dependencies.

• Specify timelines (e.g., OS patches within 2 weeks, application patches within 1 month).

• Include rollback and recovery procedures if a patch causes instability.

Caution

Before patching BioStar X bundled third-party dependencies, confirm with Suprema Global Technical Support Team that the update is supported. Try it first in a staging or VM environment.

Maintain BioStar X software updates

• Keep BioStar X updated to the latest supported version provided.

• Subscribe to release notes and advisories at https://www.supremainc.com/en/support/main.asp.

• Test new releases in a staging environment before production rollout.

Keep database engines up to date

• Apply updates to MariaDB 11.4 or Microsoft SQL Server according to Suprema's security advisories.

• Avoid running unsupported versions.

Manage dependencies and runtime components

• Patch supporting frameworks like Visual C++ Redistributables and Java runtimes.

• Maintain reverse proxy/WAF software (if used).

• Update quarterly or whenever advisories are published.

Perform regular vulnerability scanning

• Run vulnerability scans on BioStar X hosts quarterly (or monthly in high-security environments).

• Tools: Nessus, OpenVAS, Qualys, or Microsoft Defender for Endpoint.

• Schedule scans after patch cycles and track remediation in ticketing systems.

Maintain asset and patch inventory

• Keep an inventory of all BioStar X servers: OS versions, database versions, and patch levels.

• Use automated tools (e.g., SCCM, Intune, Ansible) where possible.

• Review inventory quarterly.