Presentation on theme: "Patch Management Patch Management in a Windows based environment Personal Solutions vs. Enterprise Solutions By Maurice Kirkmanbey System Administrator."— Presentation transcript:
Patch Management Patch Management in a Windows based environment Personal Solutions vs. Enterprise Solutions By Maurice Kirkmanbey System Administrator CISSP, MCSE/MCSA/MCITP 14 Jun 2008
Overview: Windows Update is an online service that provides updates to the Windows operating system over time. As vulnerabilities are discovered and other weaknesses in the OS are exposed, patch management (PM), along with other protection strategies, is integrated into a defensive perimeter that protects the personal or enterprise network.
Objectives: Understand patch management in a personal/enterprise environment; Discuss Microsoft's terminology; Design a personal solution for PM; Design an enterprise solution for PM; Demonstrate basic concepts and strategies in PM
PM Defined: Patch management maintains the OS while improving performance and stability and providing enhancements over the lifecycle of the operating system. Maintaining system integrity, availability, and, when possible, accountability is essential for personal and enterprise computing. However, enterprise systems rely heavily on accountability and confidentiality as integral parts of their computing environment.
PM Strategy: PM is a foundation strategy. Blaster worm released 26 days after Microsoft reported the vulnerability.* From Microsoft this week: MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376), MS Rating: Critical, Impact of Vulnerability: Remote Code Execution; MS08-031: Cumulative Security Update for Internet Explorer (950759), MS Rating: Critical, Impact of Vulnerability: Remote Code Execution. *Source: Fontana, John. (2003). How to Handle Patch Management. Network World. Retrieved from the world wide web on 13 Jun 2008 from
Defense in Depth: Defending your OS; Passive vs. active attacks; Denial of service; Privilege escalation; Versions of buffer overflow attacks; Remote code execution
Defense in Depth: PM alone will not defend against: A person who has physical access to the system in your home or office; Establish covert communications channel authorized on the system; Cyber terrorism; Malicious code/Malware/Malicious Software; Worms; Viruses; Buffer overflow attack vulnerability; Spam definitions, junk mail options; Default enabled functionality
Terminology: Security Updates; Critical Updates; Hot fixes; Service Packs
Considerations: Bandwidth issues; Topology issues; Versioning control
Admin Tools: Windows Update (online); WSUS (Enterprise Tool); Microsoft Baseline Security Analyzer
The Online Windows Update: Access Windows Update; Scan, select and download updates: Express or Custom; Follow prompts to install updates; Configures the updates you install
Personal Patch Management: Configuring an individual computer. START > Control Panel > Automatic Updates. Four choices: (1) Automatic (and Install): Frequency and Time; (2) Download updates, but let me choose when to install (auto restart may still occur); (3) Notify me, but don't automatically install; (4) Turn off automatic updates (not recommended)
BASE CONCEPT of PM
MS Redmond Personal PM
Mid Day Administrator's Nightmare Hmmmm…… , Web server, Domain Controllers etc….
Enterprise Patch Management: WSUS. Central management (CONTROL); Incremental or full approval process; Reduced bandwidth consumption; Supported products isolation, i.e. W2K, WIN 2003/XP/Vista; Selected languages; Reporting tools and summarization; Client deployment by groups, special needs
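The four Automatic Updates choices and the WSUS redirection from the two slides above appear on a client as registry policy values, which makes client auditing scriptable. The PowerShell below is an added example, not part of the original presentation; the host names and WSUS URL are constructed, and the function names are hypothetical.

```powershell
# Added example: classify a client from the policy values under
# HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate (WU) and its AU subkey.
$AuModes = @{
    2 = 'Notify me, but do not automatically install'
    3 = 'Download updates, but let me choose when to install'
    4 = 'Automatic (download and install on schedule)'
    5 = 'Local administrator chooses the mode'
}

function Get-PatchPosture {
    param([hashtable]$WU = @{}, [hashtable]$AU = @{})
    $findings = @()
    if ($AU.NoAutoUpdate -eq 1) {
        $mode = 'Automatic Updates turned off'
        $findings += 'Automatic Updates is turned off (not recommended)'
    } elseif ($AuModes.ContainsKey([int]$AU.AUOptions)) {
        $mode = $AuModes[[int]$AU.AUOptions]
    } else {
        $mode = 'No policy value; the Control Panel choice applies'
    }
    $source = 'Windows Update (online)'
    if ($AU.UseWUServer -eq 1) {
        if ($WU.WUServer) { $source = "WSUS $($WU.WUServer)" }
        else { $findings += 'UseWUServer=1 but WUServer is empty' }
        if ($WU.WUServer -ne $WU.WUStatusServer) { $findings += 'WUServer and WUStatusServer differ' }
    } elseif ($WU.WUServer) {
        $findings += 'WUServer is set but UseWUServer is not 1, so it is ignored'
    }
    [pscustomobject]@{ Mode = $mode; Source = $source; Findings = ($findings -join '; ') }
}

function Read-Key([string]$Path) {   # registry values as a hashtable; empty if the key is absent
    $h = @{}
    $item = if (Test-Path $Path) { Get-ItemProperty -Path $Path }
    if ($item) { foreach ($p in $item.PSObject.Properties) { $h[$p.Name] = $p.Value } }
    $h
}

# Constructed samples (hypothetical hosts and WSUS URL), followed by the local machine.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$url  = 'http://wsus.example.test'
$clients = @(
    @{ Name = 'HOME-PC'; WU = @{}; AU = @{ NoAutoUpdate = 1 } },
    @{ Name = 'NY-WS01'; WU = @{ WUServer = $url; WUStatusServer = $url }; AU = @{ UseWUServer = 1; AUOptions = 4 } },
    @{ Name = 'LA-WS07'; WU = @{ WUServer = $url }; AU = @{ AUOptions = 3 } },
    @{ Name = 'local';   WU = (Read-Key $base); AU = (Read-Key "$base\AU") }
)
foreach ($c in $clients) {
    $r = Get-PatchPosture -WU $c.WU -AU $c.AU
    '{0,-8} {1} | {2} | {3}' -f $c.Name, $r.Mode, $r.Source, $r.Findings
}
```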
WSUS in Action
PM Enterprise Design [Diagram labels: MS Redmond; WSUS servers at LA, RDU, NY and Chicago; client groups of 700, 25 and 500 clients]
Demo: Personal PM; Enterprise PM (WIN2003 SBS)
Summary: Patch management; Automated tools; Layered defense strategy; Centralized control; Client auditing; Information Assurance