Presentation is loading. Please wait.

Presentation is loading. Please wait.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Published byMelvin Barnett Modified over 8 years ago

Similar presentations

Presentation on theme: "Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure."— Presentation transcript:

1 Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure

2 2 Agenda  Using Management Tools to Help with Security  SMS  Patch Management (Client, Server)  How partners can do to help customers  MOM  Monitoring your networks security  What partners can do to help  Summary / Q&A

3 3

4 4 Microsoft IT SMS 2003 Core Usage Scenarios  Asset management  Patch management  Software distribution  Software metering  Security Patches  File collection  Targeted Deployments

5 5 Patch Management Framework 1. Assess Environment to be Patched Periodic Tasks A. Create/maintain baseline of systems B. Access patch management architecture (is it fit for purpose) C. Review Infrastructure/ configuration Ongoing Tasks A. Discover Assets B. Inventory Clients 1. Assess 2. Identify 4. Deploy 3. Evaluate & Plan 2. Identify New Patches Tasks A. Identify new patches B. Determine patch relevance (includes threat assessment) C. Verify patch authenticity & integrity (no virus: installs on isolated system) 3. Evaluate & Plan Patch Deployment Tasks A. Complete patch acceptance testing B. Obtain approval to deploy patch C. Perform risk assessment D. Plan patch release process 4. Deploy the Patch Tasks A. Distribute and install patch B. Report on progress C. Handle exceptions D. Review deployment

6 Desktop Patch Management

7 7  Overview  Benefits of SMS 2003 patch management  Best practices

8 8 Benefits of Using SMS Patch Management  Proactive Monthly Patching and Compliance Process  Catch security issues before they affect productivity  Minimize the cost of alternate compliance processes  Packaging is Automated  No custom scripting and testing  Faster time to market  Centralized Patch and Compliance Method  Used across the company  Leverage Existing Resources  Uses SMS server infrastructure  Uses SMS administrators

9 9 Weds10:00AM Thurs 5:00 AM Fri2:00PM 5:00PM 5:00PM 5:00PM 5:00PM 12%30% Vulnerable Clients 6%5%3% Microsoft IT Multiple-Prong Approach Managed and Unmanaged Environment High Client Impact Method Low Client Impact Emergency client patch timeline Windows Update (Optional) Email & ITWeb Notification (Optional) SMS Patch Management (Voluntary >Forced) Logon Script (Forced) Internal Scanning Tool (Forced) Port Shutdowns

10 10 Best Practices to Enhance Patch Management  Great technology, great processes, great people  SMS Client Health Management Plan  Manage using a scorecard  Investigate by collecting client logs  Repair thru logon script logic  SMS Client Coverage Management Plan  Boundary Management  Client Count Trending  SMS Infrastructure Management Plan  MOM Management Pack for SMS

11 Server Patch Management

12 12 Servers…  Target Key Servers  Not all Servers need all patches  A server that will not run IIS may not need to have IIS patches applied…  Know when reboot is required (Plan it)  Backup / Recovery Plan (Ready)

13 13 Partner Opportunities  Security is the #1 priority  Executive support is critical  The process is just as critical as the implementation of the technology  Security Assessments  What if? Planning and Recovery?  HW and SW inventory frequency increased for patch compliance reporting  Scalable Solution (Start small and grow)  Assistance with MSUS – SMS choices

14 14

15 15 Polices, Procedures & Awareness MOM and Security Management Physical Security Internal Network Perimeter Host Application Data  MOM 2005 is a platform  Monitoring vs. Administration MOM Management Packs Operational Data

16 16 MOM 2005 Security Features  Secure by default  Role based security  Channel security  Support for more firewall scenarios  More…

17 17 More Security Features  MBSA Management Pack  Scans for common security misconfigurations  Needs admin level privileges  Task execution “auditing”  What task was run  When it was run  By which user  Against which computers  Whether or not it was successful

18 18 Partner Opportunities  Mom Install Configuration  Security Auditing, who, what, when  Analysis  Well Managed is Secure

19 19 Resources  http://www.microsoft.com/security http://www.microsoft.com/security  http://www.microsoft.com/sms http://www.microsoft.com/sms  http://www.microsoft.com/mom http://www.microsoft.com/mom

20 20 © 2004 Microsoft Corporation. All rights reserved. This whitepaper presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, SharePoint, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Download ppt "Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure."

Similar presentations

The System Center Family Microsoft. Mobile Device Manager 2008.

The System Center Family Microsoft. Mobile Device Manager 2008.
Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.

Introduction to Systems Management Server 2003 Tyler S. Farmer Sr. Technology Specialist II Education Solutions Group Microsoft Corporation.
A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.
SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.

SAGE-AU Adelaide Windows Update Services Michael Kleef IT Pro Evangelist Microsoft Corporation Level 200.
Operational MS Tibor Kolejak Regional IT Site Manger Microsoft Czech Republic Tibor Kolejak Regional IT Site Manger Microsoft Czech Republic.

Operational MS Tibor Kolejak Regional IT Site Manger Microsoft Czech Republic Tibor Kolejak Regional IT Site Manger Microsoft Czech Republic.
Managing a Windows Server 2003 Environment - SMS and MOM Michael Kleef IT Pro Evangelist Microsoft Pty Ltd

Managing a Windows Server 2003 Environment - SMS and MOM Michael Kleef IT Pro Evangelist Microsoft Pty Ltd
Chris Sfanos Program Manager Forefront Client Security Microsoft Session Code: SW17.

Chris Sfanos Program Manager Forefront Client Security Microsoft Session Code: SW17.
1 Secure Your Business PATCH MANAGEMENT STRATEGY.

1 Secure Your Business PATCH MANAGEMENT STRATEGY.
Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Patching MIT SUS Services IS&T Network Infrastructure Services Team.
MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.
Tech·Ed North America /19/2017 7:21 AM

Tech·Ed North America /19/2017 7:21 AM
Managing LOB Applications by Using System Center Operations Manager Published: March 2007.

Managing LOB Applications by Using System Center Operations Manager Published: March 2007.
Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.

Exchange 2010 Overview Name Title Group. What You Tell Us Communication overload Globally distributed customers and partners High cost of communications.
Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)

Windows XP Professional Deployment and Support Microsoft IT Shares Its Experiences Published: May 2002 (Revised October 2004)
Understanding Active Directory

Understanding Active Directory
TechNet Build’06 “The Secure Well Managed Infrastructure Tour”

TechNet Build’06 “The Secure Well Managed Infrastructure Tour”
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Wally Mead Senior Program Manager Microsoft Corporation.

Wally Mead Senior Program Manager Microsoft Corporation.
Windows ® Powered NAS. Agenda Windows Powered NAS Windows Powered NAS Key Technologies in Windows Powered NAS Key Technologies in Windows Powered NAS.

Windows ® Powered NAS. Agenda Windows Powered NAS Windows Powered NAS Key Technologies in Windows Powered NAS Key Technologies in Windows Powered NAS.

Similar presentations

Ads by Google