Download presentation
Presentation is loading. Please wait.
Published byMelvin Barnett Modified over 9 years ago
1
Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure
2
2 Agenda Using Management Tools to Help with Security SMS Patch Management (Client, Server) How partners can do to help customers MOM Monitoring your networks security What partners can do to help Summary / Q&A
3
3
4
4 Microsoft IT SMS 2003 Core Usage Scenarios Asset management Patch management Software distribution Software metering Security Patches File collection Targeted Deployments
5
5 Patch Management Framework 1. Assess Environment to be Patched Periodic Tasks A. Create/maintain baseline of systems B. Access patch management architecture (is it fit for purpose) C. Review Infrastructure/ configuration Ongoing Tasks A. Discover Assets B. Inventory Clients 1. Assess 2. Identify 4. Deploy 3. Evaluate & Plan 2. Identify New Patches Tasks A. Identify new patches B. Determine patch relevance (includes threat assessment) C. Verify patch authenticity & integrity (no virus: installs on isolated system) 3. Evaluate & Plan Patch Deployment Tasks A. Complete patch acceptance testing B. Obtain approval to deploy patch C. Perform risk assessment D. Plan patch release process 4. Deploy the Patch Tasks A. Distribute and install patch B. Report on progress C. Handle exceptions D. Review deployment
6
Desktop Patch Management
7
7 Overview Benefits of SMS 2003 patch management Best practices
8
8 Benefits of Using SMS Patch Management Proactive Monthly Patching and Compliance Process Catch security issues before they affect productivity Minimize the cost of alternate compliance processes Packaging is Automated No custom scripting and testing Faster time to market Centralized Patch and Compliance Method Used across the company Leverage Existing Resources Uses SMS server infrastructure Uses SMS administrators
9
9 Weds10:00AM Thurs 5:00 AM Fri2:00PM 5:00PM 5:00PM 5:00PM 5:00PM 12%30% Vulnerable Clients 6%5%3% Microsoft IT Multiple-Prong Approach Managed and Unmanaged Environment High Client Impact Method Low Client Impact Emergency client patch timeline Windows Update (Optional) Email & ITWeb Notification (Optional) SMS Patch Management (Voluntary >Forced) Logon Script (Forced) Internal Scanning Tool (Forced) Port Shutdowns
10
10 Best Practices to Enhance Patch Management Great technology, great processes, great people SMS Client Health Management Plan Manage using a scorecard Investigate by collecting client logs Repair thru logon script logic SMS Client Coverage Management Plan Boundary Management Client Count Trending SMS Infrastructure Management Plan MOM Management Pack for SMS
11
Server Patch Management
12
12 Servers… Target Key Servers Not all Servers need all patches A server that will not run IIS may not need to have IIS patches applied… Know when reboot is required (Plan it) Backup / Recovery Plan (Ready)
13
13 Partner Opportunities Security is the #1 priority Executive support is critical The process is just as critical as the implementation of the technology Security Assessments What if? Planning and Recovery? HW and SW inventory frequency increased for patch compliance reporting Scalable Solution (Start small and grow) Assistance with MSUS – SMS choices
14
14
15
15 Polices, Procedures & Awareness MOM and Security Management Physical Security Internal Network Perimeter Host Application Data MOM 2005 is a platform Monitoring vs. Administration MOM Management Packs Operational Data
16
16 MOM 2005 Security Features Secure by default Role based security Channel security Support for more firewall scenarios More…
17
17 More Security Features MBSA Management Pack Scans for common security misconfigurations Needs admin level privileges Task execution “auditing” What task was run When it was run By which user Against which computers Whether or not it was successful
18
18 Partner Opportunities Mom Install Configuration Security Auditing, who, what, when Analysis Well Managed is Secure
19
19 Resources http://www.microsoft.com/security http://www.microsoft.com/security http://www.microsoft.com/sms http://www.microsoft.com/sms http://www.microsoft.com/mom http://www.microsoft.com/mom
20
20 © 2004 Microsoft Corporation. All rights reserved. This whitepaper presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, SharePoint, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Similar presentations
© 2025 SlidePlayer.com. Inc.
All rights reserved.