Presentation is loading. Please wait.

Presentation is loading. Please wait.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Published byCorey Welch Modified over 9 years ago

Similar presentations

Presentation on theme: "Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches."— Presentation transcript:

1 Module 6: Patches and Security Updates 1

2 Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches and security updates for Apache Recent patches and security updates for some other web server (TBD) 2

3 3 Installing Patches and Security Upates

4 Installing Patches and Security Updates

5 MS10-019 MS10-020 MS10-025 MS10-026 MS10-027 MS10-021

6 Installing Patches and Security Updates IIS 5.0 is the version installed by default on W2K computers. If you have SP4 for W2K (and you should), these are the patches that you need to apply to your computer: 327696 MS02-062 321599 MS02-028 319733 MS02-018 6

7 Other IIS Patching Tools You should also look at the IIS Lockdown Tool and URLScan which are valuable tools for "anti-IIS" activity protection: URLScan Security Tool (v2.5) IIS Lockdown Tool (v2.1)

8 IIS 5.1 Required Patches IIS 5.1 is the version available on Windows XP computers. Although it is not installed by default on XP Pro computers, it's still a big security concern. This patch is a cumulative patch that includes the functionality of all security patches released for IIS 5.1 since Windows XP Service Pack 1: 327696 MS02-062:327696 321599 MS02-028:321599 319733 MS02-018:319733

9 Improved Patch Management No service interruption while installing patches. Auto Update. Windows Update Corporate Edition. Resource Free DLLs.

10 Options to Obtain Security Updates Option Microsoft Security Notification Service Newsletter Windows Update SUS

11 Security update Deployment OPTIONDEPLOYMENT Microsoft Security Notification Service Newsletter Manually download the updates and then deploy them manually or automatically by using a software distribution program, such as Microsoft System Management Server. Windows Update Configure Windows Update to do one of the following SUS Configure the SUS to provide updates to the Web server through an updated version of Windows Update called Automatic Updates.

12 Vulnerability Rating RATINGDESCRIPTION Critical A vulnerability that, if exploited, might allow the propagation of an Internet worm without user action. Important A vulnerability that, if exploited, might result in a compromise of the confidentiality, integrity, or availability of user data, or of the integrity or availability of processing resources. Moderate A vulnerability risk that can be mitigated by factors such as default configuration, auditing, or difficulty to exploit. Low A vulnerability that is extremely difficult to exploit, or that has minimal impact.

13 13 Recent patches and security updates for IIS

14 Security updates Deny resource access by default and only allow resource functionality as desired. Log all web requests as they help identify suspicious activity. Subscribe to the Apache Server Announcement mailing list which can send updates, patches and security fixes.

15 15 Recent patches and security updates for Apache

16 Security updates Disable default services such as FTP and SMTP unless you need them. Disable the directory browsing function unless it is required as it allows visitors to see which files are running on your system. Disable any FrontPage Server Extensions that are not being used.

17 17 Recent patches and security updates for OWS

18 18

Download ppt "Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches."

Similar presentations

Patch Management Patch Management in a Windows based environment

Patch Management Patch Management in a Windows based environment
Your Definitive Lockdown Guide

Your Definitive Lockdown Guide
Configuring Windows to run Dr.Web scanner remotely.

Configuring Windows to run Dr.Web scanner remotely.
WSUS Presented by: Nada Abdullah Ahmed.

WSUS Presented by: Nada Abdullah Ahmed.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Patch Management –Pedro Carrasquilla –Sean Garrett –Jeni Li Arizona State University East Information Technology October 2, 2003 By Presented to WNUG/CCC.

Patch Management –Pedro Carrasquilla –Sean Garrett –Jeni Li Arizona State University East Information Technology October 2, 2003 By Presented to WNUG/CCC.
DT211/3 Internet Application Development Active Server Pages & IIS Web server.

DT211/3 Internet Application Development Active Server Pages & IIS Web server.
Chapter 7 HARDENING SERVERS.

Chapter 7 HARDENING SERVERS.
1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.

1 Configuring Web services (Week 15, Monday 4/17/2006) © Abdou Illia, Spring 2006.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 10: Server Administration.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 10: Server Administration.
Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer
Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.

Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
Maintaining and Updating Windows Server 2008

Maintaining and Updating Windows Server 2008
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service.

11 MAINTAINING THE OPERATING SYSTEM Chapter 5. Chapter 5: MAINTAINING THE OPERATING SYSTEM2 CHAPTER OVERVIEW Understand the difference between service.
IT:Network:Microsoft Applications

IT:Network:Microsoft Applications
SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.

SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.
Module 16: Software Maintenance Using Windows Server Update Services.

Module 16: Software Maintenance Using Windows Server Update Services.

Similar presentations

Ads by Google