Patch Management: Patch Management in a Windows based environment

Presentation transcript:

Patch Management: Patch Management in a Windows based environment
Personal Solutions vs. Enterprise Solutions
By Maurice Kirkmanbey, System Administrator, CISSP, MCSE/MCSA/MCITP
14 Jun 2008

Overview
The Windows Update service is an online resource that provides updates to the Windows operating system over time. As vulnerabilities are discovered and other weaknesses in the OS are exposed, patch management (PM), along with other protection strategies, is integrated to provide a defensive perimeter that protects the personal or enterprise network.

Objectives
- Understand Patch Management in a personal/enterprise environment
- Discuss Microsoft's terminology
- Design a personal solution for PM
- Design an enterprise solution for PM
- Demonstrate basic concepts and strategies in PM

PM Defined
Patch management maintains the OS while improving performance and stability and providing enhancements over the lifecycle of the operating system. Maintaining system integrity, availability and, when possible, accountability is essential for personal and enterprise computing. However, enterprise systems rely heavily on accountability and confidentiality as an integral part of their computing environment.
+ Note: Although it is not as common as it once was, the famous Windows blue screen of death caused many sleepless nights for home users and systems administrators. The Windows ME version often left the user saying, "Why Me?" Early OS versions allowed direct calls to system memory to the exclusion of other programs, which caused problems in itself. Some programs were poorly written, without the safeguards and software protection methods in use today.
Caveats: The focus of this presentation is Windows operating systems, but patch management may be applied to other operating systems such as Mac, UNIX and Linux. Furthermore, software management is also seen in router IOS, custom and commercial applications, intrusion protection signature files and AV/malware signature files.

PM Strategy
- PM is a foundation strategy
- Blaster worm released 26 days after Microsoft reported the vulnerability*
From Microsoft This Week:
MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
- Rating: Critical
- Impact of Vulnerability: Remote Code Execution
MS08-031: Cumulative Security Update for Internet Explorer (950759)
- Impact of Vulnerability: Remote Code Execution
MS08-032: Cumulative Security Update of ActiveX Kill Bits (950760)
- Rating: Moderate
MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
MS08-034: Vulnerability in WINS Could Allow Elevation of Privilege (948745)
- Rating: Important
- Impact of Vulnerability: Elevation of Privilege
MS08-035: Vulnerability in Active Directory Could Allow Denial of Service (953235)
- Impact of Vulnerability: Denial of Service
MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762)
- Impact of Vulnerability: Denial of Service
We also re-released MS06-078 and MS07-068 with detection-only changes.
*Source: Fontana, John. (2003). How to Handle Patch Management. Network World. Retrieved from the World Wide Web on 13 Jun 2008 from http://www.networkworld.com/research/2003/1201howtopatch.html?zb&rc=mgmt_patch

Defense in Depth
Defending your OS:
- Passive vs. active attacks
- Denial of service
- Privilege escalation
- Versions of buffer overflow attacks
- Remote code execution
+ One brick vs. home foundation analogy
+ PM is part of a layered approach to defending your system architecture. PM alone will not save you from the numerous security threats. However, when PM is integrated into your security protection perimeter (AV, IDS, malware protection, server/PC hardening and user education), you can rest easier knowing you are not relying on a single entity for protection.

Defense in Depth
PM alone will not defend against:
- A person who has physical access to a system in your home or office
- Establishing a covert communications channel authorized on the system
- Cyber terrorism
- Malicious code/Malware/Malicious software
- Worms
- Viruses
- Buffer overflow attack
- Email vulnerability
- Spam definitions, junk mail options
- Default enabled functionality
+ Routine OS updates are needed because discoveries are exposed routinely by Microsoft, security firms, or users during the course of OS operations.

Terminology
- Security Updates
- Critical Updates
- Hot fixes
- Service Packs
Critical Update
Definition: A critical update is a broadly released fix for a specific problem that addresses a critical, non-security-related bug.
Additional Information: Critical updates are available for customers to download and are accompanied by a Microsoft Knowledge Base article.
Hotfix
Definition: A hotfix is a single, cumulative package that includes one or more files that are used to address a problem in a product and are cumulative at the binary and file level. A hotfix addresses a specific customer situation and may not be distributed outside the customer's organization.
Additional Information: Hotfixes are distributed by Microsoft Product Support Services. Customers may not redistribute hotfixes without written, legal consent from Microsoft.
Security Update
Definition: A security update is a broadly released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated based on their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low.
Additional Information: Microsoft security updates are available for customers to download and are accompanied by two documents: a security bulletin and a Microsoft Knowledge Base article. For more information about the format of Microsoft Knowledge Base articles for Microsoft security updates, click the following article number to view the article in the Microsoft Knowledge Base:
Service Pack
Definition: A service pack is a tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Service packs may also contain additional fixes for problems that are found internally since the release of the product and a limited number of customer-requested design changes or features.
Additional Information: Microsoft service packs are available for download and are accompanied by Microsoft Knowledge Base articles.
Update Rollup
Definition: An update rollup is a tested, cumulative set of hotfixes, security updates, critical updates, and updates that are packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS).
Microsoft Reference: http://support.microsoft.com/kb/824684

Considerations
- Bandwidth issues
- Topology issues
- Versioning control

Admin Tools
- Windows Update (online)
- WSUS (Enterprise Tool)
- Microsoft Baseline Security Analyzer
Windows Update is a convenient online resource that provides updates in a single place. Some major companies are responsible for the OS and various licensed products that they sell; the processes are disjointed.
- High priority: updates, service packs and security updates
- Optional hardware updates, including device drivers
- Optional software to enhance the Windows OS

The Online Windows Update
- Access Windows Update
- Scan, select and download updates: Express or Custom
- Follow prompts to install updates
- Configures the updates you install

Personal Patch Management: Configuring an individual computer
START > Control Panel > Automatic Updates
Four choices:
- Automatic (and install): frequency and time
- Download updates, but let me choose when to install (auto restart may still occur)
- Notify me, but don't automatically install
- Turn off automatic updates (not recommended)
+ Individual computers and computers in a workgroup typically use this setup. As an additional measure, MBSA can be used to assess the security needs of all clients.
Determining updates on an individual computer:
- View history online
- Rolling back a patch
- Command line - Run: cmd /c systeminfo > "my systeminfo.txt"
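
The audit below is an added example, not part of the original presentation: it parses a report saved with the systeminfo command above and lists which bulletins from the PM Strategy slide have no matching KB number in the Hotfix(s) section. It assumes English-language systeminfo output and that the number in parentheses after each bulletin title is its KB number; the sample report and the function names are constructed.

```python
import re

# Bulletin -> KB number, copied from the "PM Strategy" slide.
BULLETIN_KBS = {
    "MS08-030": "951376", "MS08-031": "950759", "MS08-032": "950760",
    "MS08-033": "951698", "MS08-034": "948745", "MS08-035": "953235",
    "MS08-036": "950762"}

# Constructed sample of a saved English-language systeminfo report.
SAMPLE_REPORT = """\
Host Name:                 LAB-PC01
Hotfix(s):                 4 Hotfix(s) Installed.
                           [01]: File 1
                           [02]: Q147222
                           [03]: KB951376 - Update
                           [04]: KB950759 - Update
Network Card(s):           1 NIC(s) Installed.
                           [01]: Example Ethernet Adapter
"""

SECTION = re.compile(r"^(\S[^:]*):")                       # unindented "Name:" header
ENTRY = re.compile(r"^\s+\[\d+\]:\s*(?:KB|Q)(\d+)", re.I)  # indented "[nn]: KB123456"

def load_report(path):
    """Read a saved report; cmd.exe redirection writes OEM text, Windows PowerShell UTF-16."""
    with open(path, "rb") as fh:
        raw = fh.read()
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16")
    return raw.decode("cp437", errors="replace")  # assumption: US OEM code page

def installed_kbs(report):
    """Return KB numbers from the Hotfix(s) section, or None if that section is absent."""
    kbs, in_hotfix, seen = set(), False, False
    for line in report.splitlines():
        header = SECTION.match(line)
        if header:  # a new section starts; later entries belong to that section
            in_hotfix = header.group(1).lower().startswith("hotfix")
            seen = seen or in_hotfix
        elif in_hotfix:
            entry = ENTRY.match(line)
            if entry:
                kbs.add(entry.group(1))
    return kbs if seen else None

def missing_bulletins(report, required=BULLETIN_KBS):
    """List bulletins whose KB number is not in the report's hotfix list."""
    kbs = installed_kbs(report)
    if kbs is None:
        raise ValueError("no Hotfix(s) section: truncated or non-English report")
    return sorted(b for b, kb in required.items() if kb not in kbs)

if __name__ == "__main__":
    print(missing_bulletins(SAMPLE_REPORT))
```

A bulletin reported here is only a candidate for follow-up: the update may not apply to that machine's installed components, or a later cumulative update may have replaced it.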

BASE CONCEPT of PM
Four choices:
- Automatic (and install): frequency and time
- Download updates, but let me choose when to install (auto restart may still occur)
- Notify me, but don't automatically install
- Turn off automatic updates (not recommended)

Windows Update

Windows Update
Summary: This document is an introduction to the Background Intelligent Transfer Service. It is intended for IT professionals who are interested in using BITS from within a software application. BITS transfers files using leftover bandwidth. For example, if you are currently using 60 percent of your bandwidth, BITS will only use the remaining 40 percent. BITS also maintains file transfers when a network disconnection occurs, or a computer needs to be restarted: When the network connection is re-established, BITS will continue where it left off.
Note: BITS version 1.0 is included with Windows XP and supports only downloads. BITS version 1.5 is included with Windows Server 2003 and supports both downloads and uploads. Version 1.5 will be available as a redistributable for Windows 2000 and Windows XP following the release of Windows Server 2003. Uploads require Internet Information Services (IIS) server with the BITS server extension installed.
Source: Microsoft, http://www.microsoft.com/windowsserver2003/techinfo/overview/bits.mspx

Personal PM MS Redmond

Mid Day Administrator's Nightmare Hmmmm……Email, Web server, Domain Controllers etc….

Enterprise Patch Management: WSUS
- Central management (CONTROL)
- Incremental or full approval process
- Reduced bandwidth consumption
- Supported products isolation: i.e. W2K, WIN 2003/XP/Vista
- Selected languages
- Reporting tools and summarization
- Client deployment by groups, special needs

WSUS in Action

PM Enterprise Design
[Diagram labels: MS Redmond; NY WSUS; RDU; Chicago WSUS; LA WSUS; client groups of 700, 25, 500, 25 and 500 clients]

Demo
- Personal PM
- Enterprise PM (WIN2003 SBS)

Summary
- Patch management
- Automated tools
- Layered defense strategy
- Centralized control
- Client auditing
- Information Assurance
Used as part of a larger Defense in Depth strategy: updated AV software and definitions, anti-spyware, firewalls, intrusion detection, physical security, security strategy, password policy, business continuity strategy and personal security.