1
Patch Management in a Windows-based environment
Personal Solutions vs. Enterprise Solutions
By Maurice Kirkmanbey, System Administrator, CISSP, MCSE/MCSA/MCITP, 14 Jun 2008
2
Overview
The Windows Update service is an online resource that provides updates to the Windows operating system over time. As vulnerabilities are discovered and other weaknesses in the OS are exposed, patch management (PM) is integrated with other protection strategies to form a defensive perimeter that protects the personal or enterprise network.
3
Objectives
Understand patch management in a personal/enterprise environment
Discuss Microsoft’s terminology
Design a personal solution for PM
Design an enterprise solution for PM
Demonstrate basic concepts and strategies in PM
4
PM Defined
Patch management maintains the OS while improving performance and stability and providing enhancements over the lifecycle of the operating system. Maintaining system integrity, availability and, when possible, accountability is essential for personal and enterprise computing. Enterprise systems, however, rely heavily on accountability and confidentiality as an integral part of their computing environment.
+ Note: Although it is not as common as it once was, the famous Windows blue screen of death caused many sleepless nights for home users and systems administrators. The Windows ME version often left the user saying, “Why Me?” Early OS versions allowed direct calls to system memory to the exclusion of other programs, which caused problems of its own. Some programs were poorly written, without the safeguards and software protection methods in use today.
Caveats: The focus of this presentation is Windows operating systems, but patch management may be applied to other operating systems such as Mac, UNIX and Linux. Furthermore, software management is also seen in router IOS, custom and commercial applications, intrusion protection signature files and AV/malware signature files.
5
PM Strategy
PM is a foundation strategy
Blaster worm released 26 days after Microsoft reported the vulnerability*
From Microsoft This Week:
MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376) - Rating: Critical - Impact of Vulnerability: Remote Code Execution
MS08-031: Cumulative Security Update for Internet Explorer (950759) - Impact of Vulnerability: Remote Code Execution
MS08-032: Cumulative Security Update of ActiveX Kill Bits (950760) - Rating: Moderate
MS08-033: Vulnerabilities in DirectX Could Allow Remote Code Execution (951698)
MS08-034: Vulnerability in WINS Could Allow Elevation of Privilege (948745) - Rating: Important - Impact of Vulnerability: Elevation of Privilege
MS08-035: Vulnerability in Active Directory Could Allow Denial of Service (953235) - Impact of Vulnerability: Denial of Service
MS08-036: Vulnerabilities in Pragmatic General Multicast (PGM) Could Allow Denial of Service (950762) - Impact of Vulnerability: Denial of Service
We also re-released MS and MS with detection-only changes.
*Source: Fontana, John. (2003). How to Handle Patch Management. Network World. Retrieved from the world wide web on 13 Jun 2008 from
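The bulletin list above is exactly the kind of input a patch audit works from: a set of KB numbers that should be present. The following PowerShell is an added example, not code from the presentation or from Microsoft; the KB numbers and ratings are the ones the slide gives (a blank rating means the slide states none), and the two-entry inventory at the end is constructed to show the offline path.

```powershell
# Added example, not from the presentation: audit the local system against the
# June 2008 bulletins listed on this slide. KB numbers and ratings are exactly
# those the slide gives; a blank rating means the slide does not state one.
$JuneBulletins = @(
    @{ Bulletin = 'MS08-030'; KB = '951376'; Rating = 'Critical'  }
    @{ Bulletin = 'MS08-031'; KB = '950759'; Rating = ''          }
    @{ Bulletin = 'MS08-032'; KB = '950760'; Rating = 'Moderate'  }
    @{ Bulletin = 'MS08-033'; KB = '951698'; Rating = ''          }
    @{ Bulletin = 'MS08-034'; KB = '948745'; Rating = 'Important' }
    @{ Bulletin = 'MS08-035'; KB = '953235'; Rating = ''          }
    @{ Bulletin = 'MS08-036'; KB = '950762'; Rating = ''          }
)

function Get-InstalledKBs {
    # Get-HotFix reads the same installed-update records that 'systeminfo'
    # prints under "Hotfix(s)"; strip the KB prefix so the IDs compare as numbers.
    Get-HotFix | ForEach-Object { $_.HotFixID -replace '^KB', '' }
}

function Test-BulletinCompliance {
    param(
        # Defaults to the live system; pass a list to audit a saved inventory instead
        [string[]]$InstalledKBs = (Get-InstalledKBs)
    )
    foreach ($b in $JuneBulletins) {
        [pscustomobject]@{
            Bulletin  = $b.Bulletin
            KB        = "KB$($b.KB)"
            Rating    = $b.Rating
            Installed = [bool]($InstalledKBs -contains $b.KB)
        }
    }
}

# Live audit: bulletins that are not installed sort first
Test-BulletinCompliance | Sort-Object Installed, Rating | Format-Table -AutoSize

# Offline check against a constructed inventory (only two of the seven present)
Test-BulletinCompliance -InstalledKBs @('951376', '950760') |
    Where-Object { -not $_.Installed } | Select-Object Bulletin, KB, Rating
```

Two caveats for anyone using this as more than a demonstration: Get-HotFix only reports what the Quick Fix Engineering records contain, and a cumulative update (the IE bulletin MS08-031 is one) can be superseded by a later cumulative package, so a KB reported as missing is a prompt to check, not proof of exposure. MBSA or WSUS reporting, both named later in the deck, remain the authoritative view.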
6
Defense in Depth
Defending your OS: passive vs. active attacks
Denial of service
Privilege escalation
Versions of buffer overflow attacks
Remote code execution
+ One brick vs. home foundation analogy
+ PM is part of a layered approach to defending your system architecture. PM alone will not save you from the numerous security threats. However, when PM is integrated into your security protection perimeter (AV, IDS, malware protection, server/PC hardening and user education), you can rest easier knowing you are not relying on a single entity for protection.
7
Defense in Depth
PM alone will not defend against:
A person who has physical access to a system in your home or office
A covert communications channel established on the system
Cyber terrorism
Malicious code/malware/malicious software: worms, viruses
Buffer overflow attack vulnerability
Spam definitions, junk mail options
Default enabled functionality
+ Routine OS updates are needed because weaknesses are discovered routinely by Microsoft, security firms or users during the course of OS operation.
8
Terminology
Security Updates, Critical Updates, Hotfixes, Service Packs
Critical Update
Definition: A critical update is a broadly released fix for a specific problem that addresses a critical, non-security-related bug.
Additional Information: Critical updates are available for customers to download and are accompanied by a Microsoft Knowledge Base article.
Hotfix
Definition: A hotfix is a single, cumulative package that includes one or more files that are used to address a problem in a product and are cumulative at the binary and file level. A hotfix addresses a specific customer situation and may not be distributed outside the customer's organization.
Additional Information: Hotfixes are distributed by Microsoft Product Support Services. Customers may not redistribute hotfixes without written, legal consent from Microsoft.
Security Update
Definition: A security update is a broadly released fix for a product-specific, security-related vulnerability. Security vulnerabilities are rated based on their severity. The severity rating is indicated in the Microsoft security bulletin as critical, important, moderate, or low.
Additional Information: Microsoft security updates are available for customers to download and are accompanied by two documents: a security bulletin and a Microsoft Knowledge Base article. For more information about the format of Microsoft Knowledge Base articles for Microsoft security updates, click the following article number to view the article in the Microsoft Knowledge Base:
Service Pack
Definition: A service pack is a tested, cumulative set of all hotfixes, security updates, critical updates, and updates. Service packs may also contain additional fixes for problems that are found internally since the release of the product and a limited number of customer-requested design changes or features.
Additional Information: Microsoft service packs are available for download and are accompanied by Microsoft Knowledge Base articles.
Update Rollup
Definition: An update rollup is a tested, cumulative set of hotfixes, security updates, critical updates, and updates that are packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a component of a product, such as Internet Information Services (IIS).
Microsoft Reference:
9
Considerations
Bandwidth issues
Topology issues
Versioning control
10
Admin Tools
Windows Update (online)
WSUS (enterprise tool)
Microsoft Baseline Security Analyzer
Windows Update is a convenient online service that provides updates in a single place. Where a major company is responsible for the OS and for the various licensed products that it sells, the update processes are otherwise disjointed.
High priority updates: service packs and security updates
Optional hardware updates, including device drivers
Optional software to enhance the Windows OS
11
The Online Windows Update
Access Windows Update
Scan, select and download updates: Express or Custom
Follow the prompts to install updates
Configures the updates you install
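The same scan, select, download and install sequence the website walks a user through is exposed locally by the Windows Update Agent COM API, which is what the site and Automatic Updates both drive. The PowerShell below is an added example, not code from the presentation; the "Express"-style selection rule (everything rated Critical or Important) is an assumption chosen for illustration, and the script must run from an elevated prompt.

```powershell
# Added example, not from the presentation: the "scan, select, download,
# install" sequence of the online Windows Update site, driven through the
# Windows Update Agent COM API instead of the browser. Run elevated.

function Get-ApplicableUpdates {
    param(
        # Search criteria in WUA syntax: not yet installed, not hidden, software only
        [string]$Criteria = "IsInstalled=0 and IsHidden=0 and Type='Software'"
    )
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search($Criteria)          # the "scan" step
    foreach ($u in $result.Updates) {
        [pscustomobject]@{
            Title      = $u.Title
            Severity   = $u.MsrcSeverity             # Critical/Important/Moderate/Low, empty for non-security
            KBs        = (@($u.KBArticleIDs) | ForEach-Object { "KB$_" }) -join ','
            Downloaded = $u.IsDownloaded
            Update     = $u                          # keep the COM object for the install step
        }
    }
}

function Install-SelectedUpdates {
    param(
        [Parameter(Mandatory=$true)][object[]]$Selected    # items returned by Get-ApplicableUpdates
    )
    $session = New-Object -ComObject Microsoft.Update.Session
    $coll    = New-Object -ComObject Microsoft.Update.UpdateColl
    foreach ($s in $Selected) {
        if (-not $s.Update.EulaAccepted) { $s.Update.AcceptEula() }
        [void]$coll.Add($s.Update)
    }
    if ($coll.Count -eq 0) { Write-Host 'Nothing selected.'; return }

    $downloader = $session.CreateUpdateDownloader()
    $downloader.Updates = $coll
    $dl = $downloader.Download()                      # the "download" step
    # OperationResultCode 2 = succeeded; 3 = succeeded with errors; 4 = failed
    if ($dl.ResultCode -ne 2) { throw "Download did not succeed (ResultCode $($dl.ResultCode))" }

    $installer = $session.CreateUpdateInstaller()
    $installer.Updates = $coll
    $inst = $installer.Install()                      # the "install" step
    [pscustomobject]@{ ResultCode = $inst.ResultCode; RebootRequired = $inst.RebootRequired }
}

# Scan and show what applies, then select in the spirit of "Express":
# security updates rated Critical or Important (assumed rule for this example)
$all = Get-ApplicableUpdates
$all | Select-Object Title, Severity, KBs, Downloaded | Format-Table -AutoSize
$selected = $all | Where-Object { $_.Severity -in @('Critical', 'Important') }
if ($selected) { Install-SelectedUpdates -Selected $selected }
```

The selection step is where a personal setup and an enterprise one differ: here the rule lives in the script, whereas under WSUS the same decision is made once, centrally, through the approval process described later in the deck. RebootRequired in the result is the piece to act on; an update that needs a restart is not protecting the system until the restart happens.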
12
Personal Patch Management:
Configuring an individual computer: START > Control Panel > Automatic Updates
Four choices:
Automatic (download and install), with frequency and time
Download updates, but let me choose when to install (auto restart may still occur)
Notify me, but don’t automatically install
Turn off automatic updates (not recommended)
+ Individual computers and computers in a workgroup typically use this setup. As an additional measure, MBSA can be used to assess the security needs of all clients.
Determining updates on an individual computer: view history online
Rolling back a patch: Command line - Run: cmd /c systeminfo > "my systeminfo.txt"
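The four Control Panel choices map onto a handful of registry values under the Windows Update policy key, the same values the "Configure Automatic Updates" Group Policy writes, which is how the setting is enforced on a workgroup machine without a domain. The PowerShell below is an added example, not code from the presentation; the function and parameter names are my own, and it must run from an elevated prompt.

```powershell
# Added example, not from the presentation: set the Automatic Updates behaviour
# with the same four choices the Control Panel offers, via the policy registry
# key that Group Policy uses. Run elevated.
$AuPolicyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'

function Set-AutomaticUpdatesMode {
    param(
        [Parameter(Mandatory=$true)]
        [ValidateSet('AutoInstall', 'DownloadNotify', 'NotifyOnly', 'Disabled')]
        [string]$Mode,
        # 0 = every day, 1 = Sunday ... 7 = Saturday (only used by AutoInstall)
        [ValidateRange(0, 7)][int]$ScheduledDay = 0,
        # Hour of day, 0-23 (only used by AutoInstall)
        [ValidateRange(0, 23)][int]$ScheduledHour = 3
    )
    if (-not (Test-Path $AuPolicyPath)) { New-Item -Path $AuPolicyPath -Force | Out-Null }

    if ($Mode -eq 'Disabled') {
        # "Turn off automatic updates": the choice the slide marks not recommended
        Set-ItemProperty -Path $AuPolicyPath -Name NoAutoUpdate -Value 1 -Type DWord
        return
    }
    Set-ItemProperty -Path $AuPolicyPath -Name NoAutoUpdate -Value 0 -Type DWord
    $auOptions = switch ($Mode) {
        'NotifyOnly'     { 2 }   # notify before download
        'DownloadNotify' { 3 }   # download, notify before install
        'AutoInstall'    { 4 }   # download and install on the schedule below
    }
    Set-ItemProperty -Path $AuPolicyPath -Name AUOptions -Value $auOptions -Type DWord
    if ($Mode -eq 'AutoInstall') {
        Set-ItemProperty -Path $AuPolicyPath -Name ScheduledInstallDay  -Value $ScheduledDay  -Type DWord
        Set-ItemProperty -Path $AuPolicyPath -Name ScheduledInstallTime -Value $ScheduledHour -Type DWord
    }
}

function Get-AutomaticUpdatesMode {
    # Reads the policy back so a change can be verified, e.g. from a logon script
    if (-not (Test-Path $AuPolicyPath)) { return 'NotConfigured (no policy; Control Panel choice applies)' }
    $p = Get-ItemProperty -Path $AuPolicyPath
    if ($p.NoAutoUpdate -eq 1) { return 'Disabled' }
    switch ($p.AUOptions) {
        2       { 'NotifyOnly' }
        3       { 'DownloadNotify' }
        4       { "AutoInstall (day $($p.ScheduledInstallDay), hour $($p.ScheduledInstallTime))" }
        default { 'NotConfigured' }
    }
}

# Usage: download automatically but let the operator decide when to install
Set-AutomaticUpdatesMode -Mode DownloadNotify
Get-AutomaticUpdatesMode
```

Once these values exist the Control Panel shows the setting as managed and greys it out, which is the behaviour you want on a machine that someone else might otherwise switch to "Turn off". The installed-update history the slide mentions is available locally as well, from Get-HotFix, and systeminfo prints the same list under its "Hotfix(s)" heading.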
13
BASE CONCEPT of PM
Four choices:
Automatic (download and install), with frequency and time
Download updates, but let me choose when to install (auto restart may still occur)
Notify me, but don’t automatically install
Turn off automatic updates (not recommended)
14–16
Windows Update (screenshot slides; no text was extracted)
Windows Update Summary
This document is an introduction to the Background Intelligent Transfer Service. It is intended for IT professionals who are interested in using BITS from within a software application. BITS transfers files using leftover bandwidth. For example, if you are currently using 60 percent of your bandwidth, BITS will only use the remaining 40 percent. BITS also maintains file transfers when a network disconnection occurs or a computer needs to be restarted: when the network connection is re-established, BITS will continue where it left off. Note: BITS version 1.0 is included with Windows XP and supports only downloads. BITS version 1.5 is included with Windows Server 2003 and supports both downloads and uploads. Version 1.5 will be available as a redistributable for Windows 2000 and Windows XP following the release of Windows Server. Uploads require an Internet Information Services (IIS) server with the BITS server extension installed. Source: Microsoft
18
Personal PM (diagram: MS Redmond)
19
Mid Day Administrator's Nightmare
Hmmmm…… , Web server, Domain Controllers etc….
20
Enterprise Patch Management:
WSUS
Central management (control)
Incremental or full approval process
Reduced bandwidth consumption
Supported products isolation, i.e. W2K, Win 2003/XP/Vista
Selected languages
Reporting tools and summarization
Client deployment by groups, special needs
21
WSUS in Action
22
PM Enterprise Design (diagram): WSUS servers at NY, RDU, Chicago (25 clients) and LA (500 clients), with 700-, 25- and 500-client groups drawn against MS Redmond as the source
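In a multi-site design like this one, each client has to be told which site's WSUS server to use and which WSUS computer group it belongs to, so that approvals and reports can be done per group. The PowerShell below is an added example, not code from the presentation; the server names, the 8530 port and the SITE_CODE environment variable are assumptions modelled on the NY / Chicago / LA layout, and the script must run from an elevated prompt.

```powershell
# Added example, not from the presentation: point a client at its site WSUS
# server and place it in a client-side target group, using the policy registry
# values that the WSUS Group Policy template writes. Run elevated.
$WuPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuPolicy = "$WuPolicy\AU"

function Set-WsusClient {
    param(
        [Parameter(Mandatory=$true)][string]$ServerUrl,    # intranet update server, e.g. http://wsus-ny.example.local:8530 (assumed name)
        [Parameter(Mandatory=$true)][string]$TargetGroup   # must match a computer group created in the WSUS console
    )
    foreach ($p in $WuPolicy, $AuPolicy) {
        if (-not (Test-Path $p)) { New-Item -Path $p -Force | Out-Null }
    }
    Set-ItemProperty -Path $WuPolicy -Name WUServer           -Value $ServerUrl   -Type String
    Set-ItemProperty -Path $WuPolicy -Name WUStatusServer     -Value $ServerUrl   -Type String   # status reports go to the same server
    Set-ItemProperty -Path $WuPolicy -Name TargetGroupEnabled -Value 1            -Type DWord
    Set-ItemProperty -Path $WuPolicy -Name TargetGroup        -Value $TargetGroup -Type String
    Set-ItemProperty -Path $AuPolicy -Name UseWUServer        -Value 1            -Type DWord    # intranet server instead of microsoft.com
    # Ask the agent to re-detect against the new server now instead of at its next cycle
    (New-Object -ComObject Microsoft.Update.AutoUpdate).DetectNow()
}

function Get-WsusClient {
    # Reads the configuration back so a deployment can be verified
    if (-not (Test-Path $WuPolicy)) { return 'Not configured: client uses Windows Update online' }
    $w = Get-ItemProperty -Path $WuPolicy
    $a = Get-ItemProperty -Path $AuPolicy -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Server       = $w.WUServer
        StatusServer = $w.WUStatusServer
        TargetGroup  = $w.TargetGroup
        UseWUServer  = $a.UseWUServer
    }
}

# Site-to-server map assumed from the design slide; the site code is read from an
# environment variable that the imaging process is assumed to set (not from the deck)
$SiteServers = @{
    NY      = 'http://wsus-ny.example.local:8530'
    Chicago = 'http://wsus-chi.example.local:8530'
    LA      = 'http://wsus-la.example.local:8530'
}
$site = $env:SITE_CODE
if ($site -and $SiteServers.ContainsKey($site)) {
    Set-WsusClient -ServerUrl $SiteServers[$site] -TargetGroup "Workstations-$site"
}
Get-WsusClient
```

Two things have to be true on the server side for this to work: client-side targeting must be selected in the WSUS console (Options, Computers) or the TargetGroup value is ignored, and the group name must already exist there. Keeping WUServer and WUStatusServer identical matters for the reporting tools the slide lists, since a client that reports to one server and downloads from another shows up as non-compliant in the wrong place.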
23
Demo Personal PM Enterprise PM (WIN2003 SBS)
24
Summary
Patch management
Automated tools
Layered defense strategy
Centralized control
Client auditing
Information assurance
Used as part of a larger defense in depth strategy: updated AV software and definitions, anti-spyware, firewalls, intrusion detection, physical security, security strategy, password policy, business continuity strategy and personal security.