Post on 26-Mar-2015
Patch Management
Patch Management in a Windows based environment
Personal Solutions vs.
Enterprise Solutions
By Maurice KirkmanbeySystem AdministratorCISSP, MCSE/MCSA/MCITP
14 Jun 2008
Overview
Windows update service is an online resource that provides
updates to its Windows operating system over time. As
vulnerabilities are discovered and other weakness in the OS are
exposed, patch management (PM) along with other protection
strategies are integrated in providing a defensive perimeter to protect
the personal or enterprise network.
Objectives
Understand Patch Management in a personal/enterprise environment
Discuss Microsoft’s terminology Design a personal solution for PM Design an enterprise solution for PM Demonstrate basic concepts and strategies in PM
PM Defined
Patch management maintains the OS while improving performance, stability and providing enhancements over the lifecycle of theoperating system. Maintaining system integrity, availability, and when possible accountability is essential for personal and enterprisecomputing. However, enterprise systems rely heavily on accountability and confidentiality as an integral part of its computingenvironment.
PM Strategy
PM is a foundation Strategy
Blaster worm released 26 days after Microsoft reported the vulnerability*
From Microsoft This Week: MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code
Execution (951376) - Rating: Critical- Impact of Vulnerability: Remote Code Execution
MS08-031: Cumulative Security Update for Internet Explorer (950759)- Rating: Critical- Impact of Vulnerability: Remote Code Execution
*Source: Fontana, John. (2003). How to Handle Patch Management. Network World. Retrieved from the world wide web on 13 Jun 2008 from http://www.networkworld.com/research/2003/1201howtopatch.html?zb&rc=mgmt_patch
Defense in Depth
Defending your OS Passive vs. active attacks Denial of service Privilege escalation Versions of Buffer overflow attacks Remote code Execution
Defense in Depth
PM alone will not defend against: A person who has physical access to system in your home or
office. Establish covert communications channel authorized on the
system Cyber terrorism Malicious code/Malware/Malicious Software Worms Viruses Buffer overflow attack Email vulnerability Spam definitions, junk mail options Default enabled functionality
Terminology
Security Updates
Critical Updates
Hot fixes
Service Packs
Considerations
Bandwidth Issues
Topology issues
Versioning control
Admin Tools
Windows Update (online)WSUS (Enterprise Tool)Microsoft Baseline Security Analyzer
The Online Windows Update
Access Windows Update
Scan, Select and download updates: Express or Custom
Follow Prompts to install updates
Configures the updates you install
Personal Patch management:
Configuring an individual Computer START>Control Panel >Automatic Updates
Four Choices: Automatic (and Install) Frequency and Time Download Updates, but let me choose when to
install (auto restart may still occur) Notify Me, but don’t automatically install Turn off automatic updates (not recommended)
BASE CONCEPT of PM
Windows Update
Windows Update
Windows Update
Windows Update
MS Redmond
Personal PM
Mid Day Administrator's Nightmare
Hmmmm……Email, Web server, Domain Controllers etc….
Enterprise Patch Management:
WSUS Central Management (CONTROL) Incremental or full approval process Reduced bandwidth consumption Supported products isolation: ie. W2K, WIN
2003/XP/Visa Selected languages Reporting tools and summarization Client Deployment by groups, specials needs
WSUS in Action
Microsoft Updates
``
`
PM Enterprise Design
MS Redmond
LAWSUS
700 Clients
25 Clients
500 Clients
RDUWSUS
NYWSUS
ChicagoWSUS
Demo
Personal PM
Enterprise PM (WIN2003 SBS)
Summary
Patch managementAutomated toolsLayered defense strategyCentralized controlClient auditingInformation Assurance