Madrid, 12 February 2004. Security Day. Francisco Monteverde, Director of the Business Division of...
Madrid
12 February 2004
Security Day
Francisco Monteverde
Director, Servers and Systems Business Division, Microsoft Ibérica

Security Day
Agenda
9:30 Welcome
9:40 Trustworthy Computing: Hector Sanchez, Director of Corporate Security
10:00 Update management: Claudio Vacalebre, Principal Security Consultant, MS EMEA
11:30 Coffee
12:00 Continuation
13:30 Cocktail
15:00 Security in Microsoft's corporate network: Carlos Lacuna, IT Manager, Microsoft Ibérica; Chema Alonso, Microsoft collaborator

IT Strategy
Proactive Patch Management
Part 1
Claudio Vacalebre
Principal Security Consultant
CISSP - ITIL
Microsoft EMEA Services
[email protected]

Agenda
Part 1
  PM Essentials
  PM Process
  PM Tools - On Line Services
Part 2
  Patch Management Tools
    MBSA
    SUS
    SMS
  Beyond Patching

Customer Feedback
Reduce Frequency, Quantity of Patches
Inadequate Communications, Guidance, and Training
Inconsistent Patching Experience
Multiple, Incomplete Patch Management Tools
Inconsistent Patch Quality

Improving The Patching Experience
Patch Enhancements
May 2004: 1 install experience for Windows, SQL, Office & Exchange 2000 & higher with MSI 3.0
May 2004: Patches behave the same including full roll-back
May 2004: 90% size reduction through delta patching
H1 2004: 30% fewer reboots on Windows Server 2003 through hot patching
End of 2004: All Microsoft patches behave same at installation and will be available in one place
Continuous code improvement
Monthly (from weekly) distribution (except in emergencies)
10% fewer reboots on Windows 2000 and higher
Reduced patch size by 35%
Delivered: SMS 2003: Complete patch management
Standard patch naming, standard installer switches.
Released updated guidance on “Patch Management Using SMS 2003” and “Patch Management Using SUS 1.0”
Integrated (multi-tool) guidance on Patch Management + technology specific prescriptive guidance on testing/patching

Patch Management Essentials

Security Terms
Term: Definition
Vulnerability: A software, hardware, procedural weakness, feature, or configuration that could be a weak point exploited during an attack. Also called an exposure.
Attack: A threat agent attempting to take advantage of vulnerabilities for unwelcome purposes.
Threat agent: The person or process attacking a system through a vulnerability in a way that violates your security policy.
Threat: A source of danger.
Countermeasure: Software configurations, hardware, or procedures that reduce risk in a computer environment. Also called a safeguard or mitigation.

Vulnerabilities
Term: Definition
Buffer overrun: An unchecked buffer in a program that can overwrite the program code with new data. If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker.
Privilege elevation: Allows users or attackers to attain higher privileges in certain circumstances.
Validation flaw: Allows malformed data to have unintended consequences.

Threat categories - STRIDE model
Term: Definition
Spoofing identity: Illegally obtaining access and use of another person's authentication information, such as a user name or password.
Tampering with data: The malicious modification of data.
Repudiation: Associated with users who deny performing an action, yet there is no way to prove otherwise. Nonrepudiation refers to the ability of a system to counter repudiation threats (such as signing for a received parcel so that the signed receipt can be used as evidence).
Information disclosure: The exposure of information to individuals who are not supposed to have access to it, such as accessing files without having the appropriate rights.
Denial of service: An explicit attempt to prevent legitimate users from using a service or system.
Elevation of privilege: Where an unprivileged user gains privileged access. An example of privilege elevation would be an unprivileged user who contrives a way to be added to the Administrators group.

Threat Agents
Term: Definition
Virus: An intrusive program that infects computer files by inserting copies of self-replicating code and deleting critical files, makes system modifications, or performs some other action to cause harm to data on the computer or to the computer itself. A virus attaches itself to a host program.
Worm: A self-replicating program, often malicious like a virus, that can spread from computer to computer without infecting files first.
Trojan horse: Software or e-mail that professes to be useful and benign, but which actually performs some destructive purpose or provides access to an attacker.
Mail bomb: A malicious e-mail sent to an unsuspecting recipient. When the recipient opens the e-mail or runs the program, the mail bomb performs some malicious action on their computer.
Attacker: A person or organization carrying out an attack.

Define a condition and consequence risk statement for each threat
The effort represents the skills required for an attacker to take advantage of the exploit
The criticality factor is the level of potential exploit of the threat to an asset
The threat probability is the probability of a possible threat agent entering your environment
Decide how big of a risk the vulnerability will be to an asset
Determine the asset priority ranking of each company asset based on company criteria
This is the criticality factor divided by effort
Determine the threat frequency level using the equation (TP × RF)
Determine the impact factor (IF) using the equation (VF × AP)
Determine the exposure factor (EF) using the equation (Threat Frequency Level × Impact Factor divided by 1,000)

Relationships
[Diagram. Nodes: Threat Agent, Threat, Vulnerability, Risk, Exposure, A$$et, Countermeasures, Attack. Connector labels: Give rise to; Exploit; Leads to; Can damage; and cause an; Mitigated by; When a.]

Asset Valuation and Risk Analysis
Asset Values (AV)
Exposure Factors (EF)
Monetary Losses (FDI & FII)
Single Loss Expectancy (SLE)
Annualized Loss Expectancy (ALE)
Value of Safeguard to Company (VSC)
Final Report

VSC - Examples
Asset Valuation, Risk Exposure and Value of Safeguard: An Example

Software Update Terminology (1)
Term: Definition
Security Patch: A broadly released fix for a specific product addressing a security vulnerability. A security patch is often described as having a severity, which actually refers to the MSRC severity rating of the vulnerability that the security patch addresses.
Critical Update: A broadly released fix for a specific problem addressing a critical, non-security related bug.
Update: A broadly released fix for a specific problem addressing a non-critical, non-security related bug.
Hotfix: A single package composed of one or more files used to address a problem in a product. Hotfixes address a specific customer situation, are only available through a support relationship with Microsoft, and may not be distributed outside the customer organization without written legal consent from Microsoft.

Software Update Terminology (2)
Term: Definition
Update rollup: A collection of security patches, critical updates, updates, and hotfixes released as a cumulative offering or targeted at a single product component, such as Microsoft Internet Information Services (IIS) or Microsoft Internet Explorer. Allows for easier deployment of multiple software updates.
Service pack: A cumulative set of hotfixes, security patches, critical updates, and updates since the release of the product, including many resolved problems that have not been made available through any other software updates. Service packs may also contain a limited number of customer-requested design changes or features. Service packs are broadly distributed and tested by Microsoft more than any other software updates.
Integrated Service Pack: The combination of a product with a service pack in one package.
Feature Pack: A new feature release for a product that adds functionality. Usually rolled into the product at the next release.
Language Abbreviation Reference: http://www.microsoft.com/globaldev/reference/winxp/langtla.mspx

Naming Standards – OS (1) for Windows Software Update Packages
It creates consistency across Microsoft hotfix packages.
It makes it easier to search for hotfix packages and Knowledge Base articles.
It clearly identifies the language of a hotfix package and the intended operating system, when applicable.

Naming Standards – OS (2) for Windows Software Update Packages
ProductName-KBArticleNumber-Option-Language.exe
WindowsXP-KB828035-x86-FRA.exe
WindowsXP-KB828035-ia64-DEU.exe
WindowsNT4Server-KB828035-x86-SVE.exe
Windows2000-KB828035-x86-ITA.exe
WindowsServer2003-KB828035-x86-ENU.exe
WindowsServer2003-KB828035-ia64-JPN.exe
Naming Schema can be found searching for KB816915 or at http://support.microsoft.com/default.aspx?scid=kb;en-us;816915
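
Added example (not part of the original slides): a Python sketch that parses package names in the four-field shape shown above and reports which platform/language combinations of a baseline are missing from a patch repository. The baseline, the function names and the one non-conforming file name in the sample are assumptions made for illustration; only the ProductName-KBArticleNumber-Option-Language.exe shape and the six sample names come from the slide.

```python
import re
from collections import defaultdict
from typing import NamedTuple


class Package(NamedTuple):
    product: str
    kb: int
    option: str
    language: str


# Four-field shape from the slide: ProductName-KBArticleNumber-Option-Language.exe
# (only this shape is handled; other variants of the naming schema are rejected).
_NAME_RE = re.compile(
    r"^(?P<product>[A-Za-z0-9.]+)-KB(?P<kb>\d+)"
    r"-(?P<option>[A-Za-z0-9]+)-(?P<language>[A-Za-z]{3})\.exe$",
    re.IGNORECASE,
)


def parse_package(filename):
    """Return a Package for a conforming name, or None if the name does not fit."""
    m = _NAME_RE.match(filename.strip())
    if m is None:
        return None
    # Windows file names are case-insensitive, so normalise before comparing.
    return Package(m["product"], int(m["kb"]), m["option"].lower(), m["language"].upper())


def audit_repository(filenames, baseline):
    """Compare a repository listing against the (product, option, language) baseline.

    Returns (gaps, rejected): gaps maps each KB number to the baseline
    combinations that have no package; rejected lists non-conforming names.
    """
    have_by_kb = defaultdict(set)
    rejected = []
    for name in filenames:
        pkg = parse_package(name)
        if pkg is None:
            rejected.append(name)
            continue
        have_by_kb[pkg.kb].add((pkg.product.lower(), pkg.option, pkg.language))
    wanted = {(p.lower(), o.lower(), l.upper()) for p, o, l in baseline}
    gaps = {}
    for kb, have in have_by_kb.items():
        missing = sorted(wanted - have)
        if missing:
            gaps[kb] = missing
    return gaps, rejected


# Repository listing: the six names from the slide plus one old-style name.
SAMPLE_REPOSITORY = [
    "WindowsXP-KB828035-x86-FRA.exe",
    "WindowsXP-KB828035-ia64-DEU.exe",
    "WindowsNT4Server-KB828035-x86-SVE.exe",
    "Windows2000-KB828035-x86-ITA.exe",
    "WindowsServer2003-KB828035-x86-ENU.exe",
    "WindowsServer2003-KB828035-ia64-JPN.exe",
    "Q323255_WXP_SP2_x86_ENU.exe",  # does not follow the KB naming standard
]

# Constructed baseline: the platforms and languages this organisation runs.
SAMPLE_BASELINE = [
    ("WindowsXP", "x86", "FRA"),
    ("WindowsXP", "x86", "ENU"),
    ("WindowsServer2003", "x86", "ENU"),
]

if __name__ == "__main__":
    gaps, rejected = audit_repository(SAMPLE_REPOSITORY, SAMPLE_BASELINE)
    for kb, missing in gaps.items():
        print(f"KB{kb}: no package for {missing}")
    print("Non-conforming names:", rejected)
```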

Determining Urgency of Vulnerabilities
Rating: Definition
Critical: A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
Important: A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users’ data, or of the integrity or availability of processing resources.
Moderate: Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
Low: A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.

Determining Urgency of Vulnerabilities
Rating: Recommended Patching Timeframe
Critical: Within 24 hours
Important: Within 1 month
Moderate: Depending on expected availability, wait for next service pack or patch rollup that includes the patch or deploy the patch within 4 months
Low: Depending on expected availability, wait for next service pack or patch rollup that includes the patch or deploy the patch within 1 year

Factors Impacting Release Timeframes
Factor: Potential Impact
High value or high exposure assets impacted: Decrease timeframe
Assets historically attacked are impacted: Decrease timeframe
Mitigating factors in place or will be quickly put in place: Increase timeframe
Low risk of exposure for impacted assets: Increase timeframe

The Importance of Proactive Security Patch Management
[Figure: Days between patch release and exploit. Worms shown: Nimda, Slammer, Blaster. Day counts: 210, 180, 25. Patch RELEASED: March 2001, July 2002, July 2003. Vulnerability EXPLOITED: October 2001, January 2003, August 2003.]

[Figure: quadrant chart. Axes: "Usage & Quality of Security and Patch Management Processes" and "Use of Patch Management Tools"; scale labels: None, High. Quadrant labels: Very Painful, Moderately Painful, Least Painful, Very Painful.]

Patch & Update Management
Good Process is Key to Success

Security is an Ongoing Effort
Operates within a system of People, Process, and Technology
Security will fail if not focused on all three of these components

Patch Management Process

Points about Patching
For successful patch management in a distributed IT environment consider:
  How to stay aware of new patches and fixes.
  Whether it is necessary to apply a particular patch.
  The system-wide impact of installing a patch.
  What specifically a patch will change.
  If a patch can be removed, once installed.
  Dependencies between components in the production environment and the impact of applying a patch to one of those components.
  How to evaluate the success of a patch installation.
  The possible scenarios for restoring a patched environment.

Patch Management Process
Cycle: 1. Assess, 2. Identify, 3. Evaluate & Plan, 4. Deploy

1. Assess Environment to be Patched
Periodic Tasks
  A. Create/maintain baseline of systems
  B. Assess patch management architecture (is it fit for purpose)
  C. Review Infrastructure/configuration
Ongoing Tasks
  A. Discover Assets
  B. Inventory Clients

2. Identify New Patches
Tasks
  A. Identify new patches
  B. Determine patch relevance (includes threat assessment)
  C. Verify patch authenticity & integrity (no virus: installs on isolated system)

3. Evaluate & Plan Patch Deployment
Tasks
  A. Obtain approval to deploy patch
  B. Perform risk assessment
  C. Plan patch release process
  D. Complete patch acceptance testing

4. Deploy the Patch
Tasks
  A. Distribute and install patch
  B. Report on progress
  C. Handle exceptions
  D. Review deployment

Patch Management Process: 1. Assess
Has anything changed in production?
  New operating systems and applications
  Changes to network or management infrastructure
How can you be notified about new patches?
Accurate and up-to-date inventory information is essential to the process
Is the management infrastructure able to support patch management?

Evaluating and Installing Updates
Subscribe to Microsoft Security Notification Service
  Consumer: http://www.microsoft.com/security/security_bulletins/decision.asp
  IT Professional: https://register.microsoft.com/regsys/pic.asp
Configure test environments to expedite evaluation of updates
Create criticality matrices for specific server roles
Develop accelerated release-management processes for security-related updates

Patch Management Process: 2. Identify
Which systems need to be patched?
Do all systems need to be patched with the same level of priority?
Which systems are most vulnerable?
Which systems need to be quarantined till the patch is applied?
Which systems have additional dependencies and testing requirements?

Patch Management Process: 3. Eval & Plan
Need to test the patch before deployment
  Important to ensure that business critical functions still work
  Amount of testing will depend on risk
Use change management process to ensure all parties agree with need to deploy
  If critical, use an expedited process!

Patch Management Process: 3. Eval & Plan
Consider how & when to install the patch
  Installation process may differ for server and desktop devices
  Need to consider outage windows and business continuity
  Need to consider how to patch mobile clients and clients connecting across slow or unreliable networks
  Can the patch be combined with other changes to minimize down time…

Patch Management Process: 4. Deploy
Production environment needs to be prepared for new patches
  Administrators/users will need to be informed of possible downtime
  Possible training to assist support desk
  Program and advertisements imported from test environment
  Distribution points checked to confirm presence of patch and associated binaries

Patch Management Process: 4. Deploy
Monitor patch distribution
  Check progress and deal with exceptions
Releasing patches to mobile clients and slow connections
  Size of patch may be a significant issue
  Options include forcing mobile clients into the office or distributing across the network

Patch Management Process: Roles and Responsibilities
People need to have defined roles and responsibilities
Perform daily, weekly, monthly, and as-needed tasks
  Audit server production environment (daily)
  Check for new information sources (monthly)
  Review new patch notifications (as needed)

Security Patch Management: 14 High Level Steps
1. Define a Security Patch Management Policy sponsored by Senior Management
2. Build a Team responsible to manage the process
3. Identify tools and architecture
4. Assess environment and update CMDB
5. Stay tuned – Notification services
6. Maintain your patch repository up to date
7. Test all patches - go/no go decisions
8. Plan for deployment
9. Deploy Pilot then Production
10. Monitor critical systems
11. Re-Assess environment
12. Report results
13. Update your baseline (bi-monthly)
14. Go to point 4

New Installations
New installs need full set of patches for protection
Slipstreaming into base images
  Complements other methods
  Provides base install with needed patches for new machines, rebuilds, etc.
  Must be integrated into existing OS build process

Slipstreaming Patches
MS and vendors don’t ship machines this way
  Cost, speed, supportability issues
Result: new installs are vulnerable until patched
Slipstreaming builds patches into the installation image
Assumes that you have standard OS build

Slipstreaming Patches
Basic process
  Copy installation files from CD to source
  Apply latest service pack with -s switch
  Prepare the post-SP patches
  Update the svcpack.inf and dosnet.inf files
[Diagram labels: Integrated Service Pack; Slipstreaming; SP; HotFix]

Slipstreaming Patches: Copy installation files
Be sure to use appropriate flags to copy subdirs, etc.
  XCOPY /E /I /V /S is your friend
  If you’re creating a bootable disk, use your favorite imaging tool to create the image

Slipstreaming Patches: Apply the latest service pack
Two methods
  Extract the files manually by using -x switch
  Extract files automatically with -s:fileDir
Resulting slipstreamed install can be used for clean installations
  Service pack cannot be removed after installation

Slipstreaming Patches: Prepare the patches
Inventory the set of patches you want
Create a directory for the patches beneath i386 in the distribution tree
Rename the hotfixes using 8.3 names
  Q323255_WXP_SP2_x86_ENU.exe becomes Q323255.exe
Expand each hotfix to a temp dir
  Q323255.exe -x c:\temp
Move the hotfix files
Slipstreaming Patches: Update the svcpack.inf file
Create a new file, including each hotfix in the appropriate sections
  ProductCatalogsToInstall : put .cat files here
  SetupHotfixesToRun : put .exe files here
List the files in numerical order!
Add Qchain.exe to the end of SetupHotfixesToRun section
Slipstreaming Patches: Update the dosnet.inf file
Add your patch directory to OptionalSrcDirs
  Just directory name, since it’s under i386 already
Add names of hotfix files to ForceCopyDriverCabFiles
  But only add files that aren’t already there!
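The bookkeeping in the slipstream steps above (8.3 renaming, the two svcpack.inf sections in numerical order with Qchain.exe last, and adding only missing names to dosnet.inf) can be scripted and checked before the image is built. The Python below is an added example, not part of the original slides and not Microsoft tooling; every hotfix name other than Q323255, the `hotfixes` directory name, the Qnnnnnn.cat catalog naming and the sample dosnet.inf text are constructed assumptions.

```python
"""Plan a hotfix slipstream: 8.3 names, svcpack.inf sections, dosnet.inf edits.

Added example, not Microsoft tooling. All sample input below is constructed.
"""
import re

QCHAIN = "Qchain.exe"                      # runs last in [SetupHotfixesToRun]
_QNAME = re.compile(r"^Q(\d{1,7})(?=[_.])", re.IGNORECASE)


def qnumber(name):
    """Numeric part of a Qnnnnnn file name; the sort key for 'numerical order'."""
    m = _QNAME.match(name)
    if not m:
        raise ValueError(f"not a Qnnnnnn file name: {name}")
    return int(m.group(1))


def short_name(long_name):
    """Q323255_WXP_SP2_x86_ENU.exe -> Q323255.exe (base name fits 8 characters)."""
    m = _QNAME.match(long_name)
    if not m or not long_name.lower().endswith(".exe"):
        raise ValueError(f"not a hotfix package: {long_name}")
    return f"Q{m.group(1)}.exe"


def plan_renames(long_names):
    """Return [(long, short)] in numerical order; refuse two packages -> one name."""
    by_short = {}
    for name in long_names:
        short = short_name(name)
        if short in by_short:
            raise ValueError(f"{name} and {by_short[short]} both map to {short}")
        by_short[short] = name
    return [(by_short[s], s) for s in sorted(by_short, key=qnumber)]


def svcpack_sections(short_exes, catalogs):
    """Render the two svcpack.inf sections named on the slide.

    Entries are bare file names; the slides do not state installer switches.
    Assumption: catalogs are named Qnnnnnn.cat so they sort like the packages.
    """
    lines = ["[ProductCatalogsToInstall]", *sorted(catalogs, key=qnumber), "",
             "[SetupHotfixesToRun]", *sorted(short_exes, key=qnumber), QCHAIN]
    return "\n".join(lines) + "\n"


def add_to_section(inf_text, section, values):
    """Append to [section] only the values not already listed (case-insensitive).

    Returns (new_text, added). Used for OptionalSrcDirs and
    ForceCopyDriverCabFiles in dosnet.inf.
    """
    lines = inf_text.splitlines()
    header = f"[{section}]".lower()
    start = next((i for i, l in enumerate(lines) if l.strip().lower() == header), None)
    if start is None:
        raise KeyError(f"section [{section}] not found")
    end = next((i for i in range(start + 1, len(lines))
                if lines[i].lstrip().startswith("[")), len(lines))
    present = {l.strip().lower() for l in lines[start + 1:end]
               if l.strip() and not l.lstrip().startswith(";")}
    added = []
    for value in values:
        if "\\" in value or "/" in value:
            raise ValueError(f"use a bare name, not a path: {value}")
        if value.lower() not in present:
            present.add(value.lower())
            added.append(value)
    insert_at = end
    while insert_at > start + 1 and not lines[insert_at - 1].strip():
        insert_at -= 1                      # keep the blank line between sections
    lines[insert_at:insert_at] = added
    return "\n".join(lines) + "\n", added


# Constructed sample input (only Q323255 appears on the slide).
DOWNLOADED = ["Q323255_WXP_SP2_x86_ENU.exe", "Q99999_WXP_SP2_x86_ENU.exe"]
SAMPLE_DOSNET = "[OptionalSrcDirs]\nuniproc\n\n[ForceCopyDriverCabFiles]\nexample1.dll\n"

if __name__ == "__main__":
    plan = plan_renames(DOWNLOADED)
    shorts = [s for _, s in plan]
    print(svcpack_sections(shorts, [s[:-4] + ".cat" for s in shorts]))
    text, _ = add_to_section(SAMPLE_DOSNET, "OptionalSrcDirs", ["hotfixes"])
    text, added = add_to_section(text, "ForceCopyDriverCabFiles",
                                 ["EXAMPLE1.DLL", "example2.dll"])
    print(text, "added:", added)
```

Sorting on the integer value matters: a plain string sort would place Q323255 before Q99999.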
Patch Management Tools

Solution Components
Analysis Tools
  Microsoft Baseline Security Analyzer (MBSA)
  Office Inventory Tool
Online Update Services
  Windows Update
  Office Update
Content Repositories
  Windows Update Catalog
  Office Download Catalog
  Microsoft Download Center
Management Tools
  Automatic Updates (AU) feature in Windows
  Software Update Services (SUS)
  Systems Management Server (SMS)
Prescriptive Guidance
  Microsoft Guide to Security Patch Management
  Patch Management Using SUS
  Patch Management Using SMS
  Patch Management Using SMS 2003
Online Update Services: Windows Update

Windows Update: What it Is
Microsoft online service (windowsupdate.microsoft.com):
  Identifies missing Windows OS* patches / updates on accessing computer
  Generates targeted list of missing updates
  Installs user selected missing updates
  Provides update installation history
Supplemented by Windows Update Catalog site which provides:
  Comprehensive repository for all Windows and ‘Designed for Windows’ logo device driver updates
  Search – to find desired update
  Manual download of desired updates
  Download history for accessing computer
*Windows 98 and later versions
PM process phases: 1. Assess, 2. Identify, 4. Deploy
Windows Update: Supported Content & Platforms
Types of content:
  Critical (including Security) Updates
  Recommended Downloads
  Internet and Multimedia Updates – IE, Media Player, etc.
  Windows tools & utilities
  Additional Windows Downloads – updates for desktop settings, other Windows features
  Multi-Language Features – menus and dialog boxes, language support, Input Method Editors, etc.
  Windows Logo hardware drivers
  Service Packs
Above content provided for:
  Windows 2003
  Windows 2000
  Windows XP
  Windows 98 / 98SE, Windows ME
Windows Update: How It Works
Scenario 1: User Initiated Access
[Diagram: Windows Update Service]
1. User goes to Windows Update (WU) & selects ‘Scan for updates’
2. Client side code (CC) in browser validates WU server & gets download catalog metadata
3. CC uses metadata to identify missing updates
4. User selects updates to install
5. CC downloads, validates, & installs updates
6. CC updates history & statistics information*
*Note: No personally identifiable information is collected. See http://v4.windowsupdate.microsoft.com/en/about.asp#privacypolicy
Automatic Updates
Available on Windows XP & Windows 2000 Service Pack 3 and higher
Automatic Updates to apply security updates.
In Windows XP, Automatic Updates is configured in the property pages of the Control Panel’s System applet.
Windows 2000 Service Pack 3 and higher adds the Automatic Updates applet to the Control Panel
Automatic Updates
Centrally configurable to get updates either from corporate SUS server or Windows Update service
Centrally configurable to prevent users from installing non-approved patches
Can auto-download and install patches under admin control
Allows chaining of patch installations to minimize reboots
Included in Windows 2000 SP3, Windows XP SP1, and Windows Server 2003
Localized in 24 languages
Windows Update: How It Works
Scenario 2: Automatic Updates Initiated Access
[Diagram: Windows Update Service]
1. AU checks WU service for new updates (every 17-22 hours)
2. AU validates WU server & gets download catalog metadata
3. AU uses metadata to identify missing updates
4. AU either notifies user or auto-downloads using BITS & validates new updates
5. AU either notifies user or auto-installs updates
6. AU updates history & statistics information*
*Note: No personally identifiable information is collected. See http://v4.windowsupdate.microsoft.com/en/about.asp#privacypolicy
Online Update Services: Office Update

Office Update: What it Is
Microsoft online service:
(http://office.microsoft.com/officeupdate –> ‘Check for Updates’)
  Identifies missing Microsoft Office updates
    Office 2000 and later versions
  Generates targeted list of missing updates
  Installs selected missing updates
    As selected by user
  Provides update installation history
Supplemented by Office Download Catalog site which provides:
  Comprehensive repository for Microsoft Office updates
    Office 1997 and later versions
  Updates organized by product, version, and type
  Manual download of desired updates
  Download history for accessing computer
PM process phases: 1. Assess, 2. Identify, 4. Deploy
Office Update
Supports Windows NT 4.0 SP5 and above
A catalog of software updates for Office 2000 and Office XP
Administrators can download the following tools:
  Office Update Inventory Tool
  Office Hotfix Installer
  Windows Corporate Error Reporting Tool
Office Update: How It Works
[Diagram: Office Update Service]
1. User goes to Office Update & selects ‘Check for updates’
2. Client side code (CC) in browser validates service & gets detection catalog
3. CC compares information in Windows Installer DB with that in detection catalog to identify missing updates
4. User selects updates to install
5. CC downloads, validates, & installs updates
6. CC updates history & statistics information*
*Note: No personally identifiable information is collected. See http://v4.windowsupdate.microsoft.com/en/about.asp#privacypolicy
Windows Update / Office Update
Benefits
  Easy to use even for consumers / home users
  Single location for Windows/Office patches & updates
  Automates scanning and installation for patches & updates
  Keeps Systems/Office up-to-date with latest security & critical patches and service packs
Microsoft Download Center
Microsoft web site (www.microsoft.com/downloads)
Comprehensive repository for all Microsoft software downloads
Includes downloads for
  ‘Released to Web’ products, upgrades, & features;
  Patches & other updates
  Other download types (documentation, etc.)
Provides various search and search results sorting options
PM process phases: 2. Identify
Content Repository Comparison
Supported Software
  Windows Update: Windows operating systems & components only
  Office Update: Microsoft Office & components only
  MS Download Center: All Microsoft products
Supported Content Types
  Windows Update: Security patches, updates, update rollups, SPs
  Office Update: Security patches, updates, update rollups, SPs, & more
  MS Download Center: All types of content
Scans for Updates
  Windows Update: Yes
  Office Update: Yes
  MS Download Center: No
Usage Options
  Windows Update:
    Auto update install via online service
    Auto update download via programmatic access (e.g. by AU)
    Manual update download (from Windows Update Catalog)
  Office Update:
    Auto update install via online service
    Manual update download (from Office Download Catalog)
  MS Download Center:
    Manual content download only
Summary
Terminology
  Security terms
  Patching terms
  Severity Ratings
A four-phase PM Process
  Assess, Identify, Evaluate & Plan, Deploy
Windows and Office Update
MBSA: What it Does
Helps assess the vulnerability of Windows systems
Scans for missing security patches / updates and common security misconfigurations
Scans local or multiple remote systems via GUI or command line invocation
Scans various versions of Windows, IIS, IE, SQL, Exchange, and other Microsoft applications
Generates XML scan reports on each scanned system
Runs on Windows Server 2003, Windows 2000 and Windows XP
Works with SUS & SMS
PM process phases: 1. Assess, 2. Identify
MSSecure.XML
MSSecure.XML allows tool to obtain information about the most recently released security hotfixes
XML file is updated each time a new security bulletin is released
Contains data about each hotfix, including:
  Operating system and service pack (SP) applicability.
  Details about all files in the patch
    File version
    File checksum
    File location
  Registry key applied by the patch.
  Patch Superseding information.
MBSA: How It Works*
[Diagram: Microsoft Download Center, MSSecure.xml, MBSA Computer]
MSSecure.xml contains
• Security Bulletin names
• Product specific updates
• Version and checksum info
• Registry keys changed
• KB article numbers
• Etc.
1. Run MBSA on Admin system, specify targets
2. Downloads CAB file with MSSecure.xml & verifies digital signature
3. Scans target systems for OS, OS components, & applications
4. Parses MSSecure to see if updates available
5. Checks if required updates are missing
6. Generates time stamped report of missing updates
*Only covers security patch scanning capabilities, not security configuration detection issues
MBSA 1.2
Better international support
  Japanese, French, German locale support
Expanded product support
  MDAC, MSXML, JVM, Content Mgt Server, Commerce Server, BizTalk, Host Integration Server and Office
Improved consistency of reports
Support for alternate file versions in mssecure.xml
  Handle multiple patches for a product targeted at different OS versions
  “OR” logic to consider multiple sets of file details
  Handle uniproc/multiproc patches, QFE/GDR branch patches, etc.
Office Update Inventory Tool integration (local scans only)
Enhanced IE security zone checks
Product (columns: MBSA 1.1.1, MBSA 1.2)
  Windows 2000
  Windows XP
  Windows NT 4.0 and higher (remote scan only)
  Windows Server 2003
  Internet Explorer 5.01 and later
  Windows Media Player 6.4 and later
  IIS 4.0, 5.0, 5.1, and 6.0
  SQL Server 7.0 and 2000 (including Microsoft Data Engine)
  Exchange 5.5 and 2000 (including Exchange Admin Tools)
  Exchange Server 2003
  Microsoft Office (local scan only; see list of products)
  Microsoft Data Access Components (MDAC) 2.5, 2.6, 2.7, and 2.8
  Microsoft Virtual Machine
  MSXML 2.5, 2.6, 3.0, and 4.0
  BizTalk® Server 2000, 2002, and 2004
  Commerce Server 2000 and 2002
  Content Management Server (CMS) 2001 and 2002
  Host Integration Server (HIS) 2000, 2004, and SNA Server 4.0
MBSA 1.2 Default Scan Options
MBSA Scan (GUI)
  Uses –baseline, -v, -nosum
    -baseline aligns with WU critical security updates
    Notes and warnings still shown by default
    Checksum checks not performed (to match WU)
MBSA Scan (mbsacli.exe)
  Uses –sum
    Checksum checks performed
    Notes and warnings still shown by default
HFNetChk Scan (mbsacli.exe /hf)
  Uses –sum
    Checksum checks performed
    Notes and warnings still shown by default
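The update-scan steps described above (look up each patch's file details, decide whether it is missing), together with the MBSA 1.2 “OR” logic over alternate file details, the superseding information and the difference between a -sum and a -nosum scan, can be modelled in a few functions. The Python below is an added example, not MBSA's code and not part of the slides; the record layout, the patch IDs (EX-001 and so on), the file names and the `warning` / `superseded` status names are constructed assumptions and do not reproduce the mssecure.xml schema.

```python
"""Simplified model of a file-based missing-patch check.

Added example: the record layout is constructed for illustration and is NOT
the mssecure.xml schema; patch IDs, file names and contents are made up.
"""
import hashlib
from dataclasses import dataclass, field


def sha1(data):
    return hashlib.sha1(data).hexdigest()


@dataclass
class FileDetail:
    path: str          # file location
    version: tuple     # file version, e.g. (5, 1, 0, 200)
    checksum: str      # checksum of the patched binary


@dataclass
class Patch:
    patch_id: str
    alternatives: list                      # FileDetail lists; ANY one set may match ("OR")
    supersedes: list = field(default_factory=list)


RANK = {"missing": 0, "warning": 1, "installed": 2}


def check_set(details, inventory, check_sum):
    """All files of one set must be present at the patched version or newer."""
    status = "installed"
    for d in details:
        found = inventory.get(d.path.lower())
        if found is None or found[0] < d.version:
            return "missing"
        # Same version, different bytes: only visible when checksum checks are on.
        if check_sum and found[0] == d.version and found[1] != d.checksum:
            status = "warning"
    return status


def scan(patches, inventory, check_sum=True):
    """Return {patch_id: installed | warning | missing | superseded}."""
    inv = {path.lower(): v for path, v in inventory.items()}
    result = {}
    for p in patches:
        result[p.patch_id] = max((check_set(s, inv, check_sum) for s in p.alternatives),
                                 key=RANK.get, default="missing")
    # A patch replaced by one that is present is not reported as missing.
    covered = {pid for pid, s in result.items() if s != "missing"}
    changed = True
    while changed:                          # follow supersedence chains to a fixpoint
        changed = False
        for p in patches:
            if p.patch_id in covered:
                for old in p.supersedes:
                    if old not in covered:
                        covered.add(old)
                        changed = True
    for pid, status in result.items():
        if status == "missing" and pid in covered:
            result[pid] = "superseded"
    return result


# Constructed sample data.
PATCHES = [
    Patch("EX-001", [[FileDetail(r"system32\b.dll", (5, 1, 0, 100), sha1(b"b-100"))]]),
    Patch("EX-002", [[FileDetail(r"system32\a.dll", (5, 1, 0, 200), sha1(b"a-200"))]],
          supersedes=["EX-001"]),
    Patch("EX-003", [[FileDetail(r"system32\kern_up.exe", (5, 1, 0, 10), sha1(b"up"))],
                     [FileDetail(r"system32\kern_mp.exe", (5, 1, 0, 10), sha1(b"mp"))]]),
    Patch("EX-004", [[FileDetail(r"system32\c.dll", (1, 0, 0, 5), sha1(b"c-5"))]]),
    Patch("EX-005", [[FileDetail(r"system32\d.dll", (2, 0, 0, 1), sha1(b"d-1"))]]),
]
INVENTORY = {   # path -> (version, checksum) as collected from the scanned host
    r"SYSTEM32\a.dll": ((5, 1, 0, 200), sha1(b"a-200")),
    r"system32\b.dll": ((5, 1, 0, 50), sha1(b"b-50")),
    r"system32\kern_mp.exe": ((5, 1, 0, 10), sha1(b"mp")),
    r"system32\c.dll": ((1, 0, 0, 5), sha1(b"different-bytes")),
}

if __name__ == "__main__":
    for pid, status in scan(PATCHES, INVENTORY).items():
        print(pid, status)
```

With `check_sum=False` the EX-004 file passes on version alone, which is why a GUI-default scan and an `mbsacli.exe` scan of the same host can disagree.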
Ports Needed to run MBSA
80
  mssecure_nnnn.cab
139 and 445
  Remote Scan
139, 445, 137 and 138
  Multi-domain environment when networks are separated by FW or Router filtering
  Remote Network Connection and Authentication
MBSA – Additional Info
NetBIOS Name Resolution
  MyComputerName
  Mydomain\MyComputerName
  MyWorkgroup\MyComputerName
When used with –fh or –fip switch
  Maximum of 256 machine names per scan
MBSA - Reporting
XML format (MBSA.exe)
Text format (MBSACLI.exe /HF)
Does not contain severity scores
No default way to group patches
Ad hoc application is needed
  MBSA Severity Reporter
MBSA – Parameters and Performances
For Patch Management use /HF !!!
Using MBSA with SUS
Performs security update scan against specified SUS server
  Reads registry for SUS server info or user specifies this info
  Reads approveditems.txt file on SUS server via HTTP
  Looks up approved items in mssecure.xml file
  Performs scan against appropriate patches in mssecure.xml
CMD LINE execution:
  Mbsacli.exe /sus
  mbsacli.exe /sus http://mysusserver
  mbsacli.exe /hf /sus http://mysusserver
Using MBSA with SMS
Scans SMS clients for missing security updates using MBSA CLI
  Pushes mbsacli.exe to each client to do local scan (mbsacli.exe /hf)
  Parses textual output of patch numbers
SMS Administrators can centrally distribute security updates to clients
SMS 2.0 uses MBSA 1.1; SMS 2003 uses MBSA 1.1.1*
*Only change from MBSA 1.1 is support for Windows Server 2003
Microsoft Baseline Security Analyzer
Local Scan
Scan with SUS
1.1.1 vs 1.2
Command line
HF mode
Collecting results
[Diagram: CONTOSO.COM network and WINDOWS UPDATE]
MYSUSPRODUCTION: Windows 2000 DC, SUS 1.0 SP1, 10.0.0.110
MYW2K3TEST: Windows 2003, SUS 2.0 BETA, 10.0.0.200
MYSUSTEST: Windows 2003, SUS 1.0 SP1, MBSA 1.2, 10.0.0.100
MYSMS2003: Windows 2000, SMS 2003, SQL Server, 10.0.0.210
MYWEBPRODUCTION: Windows 2000, IIS 5.0, 10.0.0.220
MYXPPRODUCTION: Windows XP Pro SP1, Office XP, MBSA 1.1.1, 10.0.0.130
MBSA Update Scanning Functionality
Overall plan
  MBSA update scanning functionality integrated into Windows patch management functionality
  MBSA becomes Windows vulnerability assessment & mitigation engine
Near- and Intermediate-term plans:
  MBSA 2.0 (1st Half 2004)
    Update scanning functionality migrates to SUS 2.0 / Microsoft Update
    MBSA leverages SUS 2.0 update scanning
    MBSA & SUS 2.0 do update scanning for all Microsoft products
Update Tools - Managed
Software Update Services
  Manual Scan
    Security Scan (MBSA)
  Automatic Patch Deployment
    Windows Patch
Systems Management Server 2003
  Automatic Scan
    Security Scan and Office Scan
  Automatic Patch Deployment
    Both MS and non-MS product
Software Update Services (SUS)

SUS 1.0: What it Does
Deploys Windows security patches, security rollups, updates, and service packs only
Deploys above content for Windows 2000, Windows Server 2003 and Windows XP only
Provides patch download, deployment, and installation configuration options
  Bandwidth optimized content deployment
Provides central administrative control over which patches can be installed on target systems
Provides basic patch installation logging information
PM process phases: 2. Identify, 4. Deploy
SUS Benefits
Gives administrators control over patch & update management
  Works with Group Policy* to prevent installs of non-approved updates from Windows Update
  Allows staging & testing of updates before installation
Simplifies & automates key aspects of the patch management process
Ease of use alleviates difficulty of keeping supported systems up-to-date, reducing security risks
*Note: Use of SUS does not require implementation of Active Directory or Group Policy
SUS 1.0: How It Works
[Diagram: Windows Update Service, Firewall, Parent SUS Server, Child SUS Servers, Bandwidth Throttling on each link]
1. SUS Server checks for updates every 17-22 hours
2. Administrator reviews, evaluates, and approves updates
3. Approvals & updates synced with child SUS servers*
4. AU gets approved updates list from SUS server
5. AU downloads approved updates from SUS server or Windows Update
6. AU either notifies user or auto-installs updates
7. AU records install history
*SUS maintains approval logs & download, sync, & install statistics
Best Practice

Software Update Services
Server
  Overview
  Synchronization
  AutoApproval
Client
  Registry configuration
  Group Policy
Systems Management Server (SMS)

SMS 2003: What it Does
Identifies & deploys missing Windows and Office security patches on target systems
Can deploy any patch, update, or application in Windows environments
Inventory management & inventory based targeting of software installs
Install verification and detailed reporting
Flexible scheduling of content sync & installs
Central, full administrative control over installs
Bandwidth optimized content distribution
Software metering and remote control capabilities
PM process phases: 1. Assess, 2. Identify, 3. Eval & Plan, 4. Deploy
SMS 2003 Patch Management: Benefits
Gives administrators control over patch management
  Allows staging & testing of updates before installation
  Fine-grained control of patch management options
Automates key aspects of the patch management process
Can update a broad range of Microsoft products (not limited to Windows and Office)
Can also be used to update third party software and deploy & install any software update or application
High level of flexibility via use of scripting
SMS 2003 Patch Management: How It Works
[Diagram: Microsoft Download Center, Firewall, SMS Site Server, SMS Distribution Points, SMS Clients]
1. Setup: Download Security Update Inventory and Office Inventory Tools; run inventory tool installer
2. Scan components replicate to SMS clients
3. Clients scanned; scan results merged into SMS hardware inventory data
4. Administrator uses Distribute Software Updates Wizard to authorize updates
5. Update files downloaded; packages, programs & advertisements created/updated; packages replicated & programs advertised to SMS clients
6. Software Update Installation Agent on clients deploys updates
7. Periodically: Sync component checks for new updates; scans clients; and deploys necessary updates
SMS 2003 Patch Management: Functionality (1)
System scanning & patch content download
  Content from Microsoft download center
  MBSA & Office Update plug-ins scan for missing patches
  Supports updating of remote & mobile devices
  Updates various versions of Windows, Office, SQL, Exchange, and Windows Media Player without need for update packaging / scripting
Administrator control
  Update targeting based on AD, non-AD groups, WMI properties; additional options via scripting
  Patches consumed only by SMS administrators via the deployment process (on demand)
  Specific start and end times (change windows), rolling change windows
  Easily merge patches from testing into production
  Reference computer templates for baseline determination / compliance
SMS 2003 Patch Management: Functionality (2)
Patch download & installation
  Delta replication (site-site, server-server) of patches
  Can use BITS for mobile / remote client-server
  Can use SMB for LAN / priority situations
  Reminders and rescheduling of install / reboot & enforcement dates
  Optimized graceful reboots, but forced when enforcement date arrives
  Per-patch reboot-needed detection to reduce reboots
Status & Compliance Reporting
  Deployment status as patches are attempted
  Standard and customized reports through read-only SQL queries
  Determine actual baselines in the environment before changing the environment
SMS 2003 – Technical Multimedia Presentation
SMS2003 Deployment at Microsoft
http://go.microsoft.com/fwlink/?LinkId=22409
How Microsoft Does Patch Management using SMS 2003
http://go.microsoft.com/fwlink/?LinkId=22409
SMS 2003 Patch Management
Assess, Identify, Deploy
[Diagram: CONTOSO.COM network with Windows Update]
MYSUSPRODUCTION: Windows 2000 DC, SUS 1.0 SP1, 10.0.0.110
MYW2K3TEST: Windows 2003, SUS 2.0 BETA, 10.0.0.200
MYSUSTEST: Windows 2003, SUS 1.0 SP1, MBSA 1.2, 10.0.0.100
MYSMS2003: Windows 2000, SMS 2003, SQL Server, 10.0.0.210
MYWEBPRODUCTION: Windows 2000, IIS 5.0, 10.0.0.220
MYXPPRODUCTION: Windows XP Pro SP1, Office XP, MBSA 1.1.1, 10.0.0.130
Choosing A Patch Management Solution
Choose the solution that provides the best balance of functionality versus IT resource constraints for your specific needs
[Chart: SUS and SMS plotted by Breadth of Functionality (vertical axis) against IT Resources* & Administration Skill Level (horizontal axis, Low to High)]
*People and budget
Note: These slides refer to choosing a solution for updating Windows, hence they do not refer to Office Update
Choosing A Patch Management Solution: Typical Customer Decisions
Customer Type | Scenario | Customer Chooses
Large or Medium Enterprise | Want single flexible patch management solution with extended level of control to patch & update (+ distribute) all software | SMS
Large or Medium Enterprise | Want patch management solution with basic level of control that updates Windows 2000 and newer versions* of Windows** | SUS
Small Business | Have at least 1 Windows server and 1 IT administrator** | SUS
Small Business | All other scenarios | Windows Update
Consumer | All scenarios | Windows Update
*Windows 2000, Windows XP, Windows Server 2003
**Customer uses Windows Update or manual process for other OS versions & applications software
Core Patch Management Capabilities
Capability | Windows Update | SUS 1.0 | SMS 2003
Supported Platforms for Content | NT 4.0, Win2K, WS2003, WinXP, WinME, Win98 | Win2K, WS2003, WinXP | NT 4.0, Win2K, WS2003, WinXP, Win98
Supported Content Types | All patches & service packs (SPs) for the above | Only security, critical, & security rollup patches + SPs for the above | All patches, SPs & updates for the above + supports patch, update & app installs for MS & other apps
Granularity of Control
Targeting Content to Systems | No | No | Yes
Network Bandwidth Optimization | No | Yes (for patch deployment) | Yes (for patch deployment & server synchronization)
Patch Distribution Control | No | Basic | Advanced
Patch Installation & Scheduling Flexibility | Manual, end user controlled | Administrator (auto) or user (manual) controlled | Administrator control with granular scheduling capabilities
Reporting | No | Limited | Comprehensive (install status, result, and compliance details)
Additional Software Distribution Capabilities
Deployment Planning | No | No | Yes
Inventory Mgmt | No | No | Yes
Compliance Checking | No | No | Yes
Mobile Device Support | No | No | Yes
Adopt a Patch Management Solution
At Microsoft, our #1 concern is the security and availability of your IT environment
If none of the Microsoft patch management solutions meet your needs consider implementing a solution from another vendor
Partial list of available products:
Company Name | Product Name | Company URL
Altiris, Inc. | Altiris Patch Management | http://www.altiris.com
BigFix, Inc. | BigFix Patch Manager | http://www.bigfix.com
Configuresoft, Inc. | Security Update Manager | http://www.configuresoft.com
Ecora, Inc. | Ecora Patch Manager | http://www.ecora.com
GFI Software, Ltd. | GFI LANguard Network Security Scanner | http://www.gfi.com
Gravity Storm Software, LLC | Service Pack Manager 2000 | http://www.securitybastion.com
LANDesk Software, Ltd | LANDesk Patch Manager | http://www.landesk.com
Novadigm, Inc. | Radia Patch Manager | http://www.novadigm.com
PatchLink Corp. | PatchLink Update | http://www.patchlink.com
Shavlik Technologies | HFNetChk Pro | http://www.shavlik.com
St. Bernard Software | UpdateExpert | http://www.stbernard.com
*Microsoft does not endorse or recommend a specific patch management product or company
Note: Enterprise Systems Management products such as IBM Tivoli, CA Unicenter, BMC Patrol, and HP OpenView may also provide patch management functionality
Roadmap
[Diagram: product roadmap. Time frames: Q4/2003; Q2/2004, SMS 2003 FP time frame; Longhorn time frame. Bands: Update Content Repositories and Online Services; Update Management Products; Standalone Update Scanning Tools. Items shown: Manual / Script Based Updating; Windows Update; Download Center; Microsoft Update; Office Update; In-house developed apps update repository; 3rd party apps update repository; SUS 1.0; SUS 2.0; SUS 2.0 Client*; SUS N.0; SMS 2.0 with Feature Pack; SMS 2003; SMS 2003 with Feature Pack; Windows Server Longhorn; System Center; 3rd Party / In-house Tools; Office Inventory Tool; MBSA 1.1.1; MBSA 1.2 (includes OIT); MBSA 2.0]
Summary
Addressing the patch management issue is a top priority
Taking a comprehensive, tactical & strategic approach
Made progress, but much more work to be done
Microsoft focused on:
  Reducing the number of vulnerabilities & associated patches
  Improving customer preparedness, training & communication
  Simplifying & standardizing the patching experience
  Improving patch quality
  Unifying and strengthening patch management offerings
Key Recommendations:
  Implement a good patch management process – it's the key to success
  Adopt a patch management solution that best fits your needs
  Make use of the resources detailed in these slides
Security Is Only As Strong As The Weakest Link
Technology is neither the whole problem nor the whole solution
Secure systems depend upon Technology, Processes and People
Beyond Patching
Defense-in-Depth Strategy
[Diagram: layers Data and Resources; Application; OS and Services; Network; Perimeter. Side label: Assume Prior Layers Fail]
Make corporations & perimeters more resilient to attack, even when patches are not installed
Help stop known & unknown vulnerabilities
Goal: Make 7 out of every 10 patches installable on your schedule
Beyond Patching
Client Shielding Enhancements
What it is: Security enhancements that protect computers, even without patches; Included in Win XP SP2 (H104) with more to follow
What it does: Helps stop network-based attacks, file attachment viruses and buffer overruns
Key Features:
  Network Protection: Improved ICF protection turned on by default
  Safer email: Improved attachment blocking for Outlook Express and IM
  Safer browsing: Better user controls to prevent malicious ActiveX controls and Spyware
  Memory Protection: Improved compiler checks (/GS) to reduce stack overruns
Enterprise Shielding Enhancements
Enterprise Quarantine
What it is: Only clients that meet corporate security standards are allowed to connect; included in Win 2003 SP1 (H204) with more to follow
What it does: Protects enterprise assets from infected computers
Key Features:
  Enforces specific corporate security requirements such as patch level, AV signature state and firewall state
  Ensure these standards are met when
    VPN connections are made by remote clients
    Wired or wireless connections are made by rogue and transient clients
Continue Improving Quality
Trustworthy Computing Release Process
[Diagram: timeline with phases Design, Development, Release, Support and milestones M1, M2, Mn, Beta; outputs: Design docs & specifications; Development, testing & documentation; Product; Service Packs, QFEs]
Security Review
  Each component team develops threat models, ensuring that design blocks applicable threats
Develop & Test
  Apply security design & coding standards
  Tools to eliminate code flaws (PREfix & PREfast)
  Monitor & block new attack techniques
Security Push
  Team-wide stand down
  Threat model updates, code review, test & documentation scrub
Security Audit
  Analysis against current threats
  Internal & 3rd party penetration testing
Security Response
  Fix newly discovered issues
  Root cause analysis to proactively find and fix related vulnerabilities
Security Roadmap
Time frames: Today; 0 – 9 months; 9 – 12 months; Future
Guidance
  Monthly patch releases
  Guidance & training
  How Microsoft runs Microsoft
  Support for W2K SP2 & NT4 SP6a
Tools & Patching
  2 patch installers; rollback
  Patching enhancements
  SUS 2.0
  SMS 2003
  More guidance and training
Shields
  Shield technologies for client and server
  "MS Update"
  More guidance and training
Next-Generation Security
  Integrated host security technologies
  NGSCB
  Windows hardening
  More guidance and training
Security Is Only As Strong As The Weakest Link
Technology is neither the whole problem nor the whole solution
Secure systems depend upon Technology, Processes and People
© 2003 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.