THE RISKS OF ‘NOT’ PATCHING…


1 THE RISKS OF ‘NOT’ PATCHING…
WWW.SBSDIVA.COM
The risks of Patching…

2 Who am I?
Patchaholic
SBS MVP
Security MVP
Been ‘patchin’ SBS’s since SBS 4.0
Used to squint when rebooting

3 So… what are the first questions to ask?
What tool?
What patch engine?
What will break what?
Tool isn’t important
Process

4 What is a patch?
Bug
Flaw
Something that needs fixing
Patch = Security patch

5 Why ‘should’ we patch?
Worst case scenario
Fixing an issue where attacker from remote can hurt
Code Execution
Take control of system

6 Understanding the risks of patching
Worst case – Line of business stuff breaks
Best case – everything works
Typical patch month for your networks
What’s broken in the past for you?

7 What if you don’t patch?
What’s the worst thing that happens?
Well…..

8 Risks in an SBS network
Server?
Ports open?
WORKSTATIONS
Local administrator
Download anything?
Free stuff?

9 History of risks in SBSland
Code Red
Nimda
Nail the server
Today?
Keep the system working
Borrow the bandwidth

10 Greatest risks?
Review your networks
Desktops
If you nail the server?
If you nail a workstation?
How expendable?

11 How to determine what/when?
Read the bulletin
What’s the riskiest?
Read the criticality
From remote?
Mere surfing?

12 Win2k3 / XP SP2
Typical threats come from authenticated connections
Lesser risks to these platforms
A/V
Spyware
Safe surfing
IE 7 coming out soon

13 Windows 2000
Risks from anonymous connections
From remote
Coded up exploits typically work

14 Window to patch
Patch comes out at 10:00 a.m. – 11:00 a.m. Pacific
Reverse engineer the patch to see what it’s fixing
Determine issue
Code vulnerability
Typically within 20 minutes or so vulnerability is identified

15 Zero Days
Vulnerability is out
Used to exploit/to harm
No patch
But does that mean we are unprotected?

16 Window to patch
Can it be automated?
Can it be “wormable”?
What’s “Metasploit”?

17 Recent issues
Focusing more on workstations
Focusing more on applications
Less on servers

18 When to patch?
Do we have to do servers as soon as possible?
Where’s our biggest risk of patching?
What’s hurt in the past?
Build an “ouch” database for your clients’ applications

19 When to patch?
If we’ve mitigated already?
Why do we need to patch now?
Mitigate, patch later?

20 Now that we will patch
Will it hurt?
Check the caveat section
Review the community
Google on the KB number
Review the Windows update newsgroup
“Are you seeing?”

21 How/what to test?
Microsoft performs patch testing
Don’t test the “basics”
Identify the clients’ key applications
Identify a “patch canary”

22 Patch gets approved
Tested on one workstation
Done your research?
NOW deploy

23 Deploy with?
WSUS SBS 2003 r2 Shavlik Patchlink Other?

24 ..but what about non MS?
Adobe Flash Firefox Sun Java
Even your antivirus

25 Tuesday’s patches …. To come…

