Patching MIT SUS Services IS&T Network Infrastructure Services Team.

Slides:

Advertisements

Similar presentations

Security Update Server Registration, Active scanning and Windows patching.

Advertisements

Microsoft Forefront Client Security

WSUS Presented by: Nada Abdullah Ahmed.

WSUS Windows Update Services

A Technical Overview of Microsoft Forefront Client Security (FCS) Howard Chow Microsoft MVP.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

1 Secure Your Business PATCH MANAGEMENT STRATEGY.

Microsoft Baseline Security Analyzer INLS 187 Security Software Presentation by Hinár György Polczer

Maintaining and Updating Windows Server 2008

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

How To Keep Up With Security Patches Eric Schultze Security Strategies Microsoft.

Module 6: Patches and Security Updates 1. Overview Installing Patches and Security Updates Recent patches and security updates for IIS Recent patches.

Patch Management Module 13. Module You Are Here VMware vSphere 4.1: Install, Configure, Manage – Revision A Operations vSphere Environment Introduction.

Automating Endpoint Security Policy Enforcement Computing and Networking Services University of Toronto.

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

IT:Network:Microsoft Applications

SUS Services ECE Computer Facilities. SUS Services Software Update Services Microsoft Security And Critical Update Service Microsoft Security And Critical.

Module 16: Software Maintenance Using Windows Server Update Services.

16.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 16: Examining Software Update.

SYSTEM CENTER: ENDPOINT PROTECTION FUNDAMENTALS Howard A. Carter III Senior Consultant Microsoft Consulting Services September 21, 2013 TechGate 2013 –

Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec

2851A_C01. Microsoft Windows XP Service Pack 2 Security Technologies Bruce Cowper IT Pro Advisor Microsoft Canada.

Guide to MCSE , Enhanced 1 Activity 10-1: Restarting Windows Server 2003 Objective: to restart Windows Server 2003 Start  Shut Down  Restart Configure.

Patch Management drill down Steven Hope Lead Technical Security Specialist

Managing CERN Desktops with Systems Management Server (SMS 2003) Michel Christaller Internet Services Group Department of Information Technology CERN May.

SOE and Application Delivery Gwenael Moreau, Abbotsleigh.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Real Security for Server Virtualization Rajiv Motwani 2 nd October 2010.

Module 1: Installing Windows XP Professional. Overview Manually Installing Windows XP Professional Automating a Windows XP Professional Installation Using.

Chapter 2: Installing and Upgrading to Windows Server 2008 R2 BAI617.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

IT:Network:Microsoft Server 2 Chapter 27 WINDOWS SERVER UPDATE SERVICES.

© 2010 VMware Inc. All rights reserved Patch Management Module 13.

Security Overview for Microsoft Infrastructures Fred Baumhardt and James Noyce Infrastructure Solutions and Security Solutions Teams Microsoft Security.

Module 13: Maintaining Software by Using Windows Server Update Services.

Virtual techdays INDIA │ 9-11 February 2011 Security Discussion: Ask the Experts M.S.Anand │ MTC Technology Specialist │ Microsoft Corporation Anirudh.

CIS 460 – Network Design Seminar Network Security Scanner Tool GFI LANguard.

User Manager Pro Suite Taking Control of Your Systems Joe Vachon Sales Engineer November 8, 2007.

Module 14: Configuring Server Security Compliance

The Microsoft Baseline Security Analyzer A practical look….

1 Vulnerability Analysis and Patches Management Using Secure Mobile Agents Presented by: Muhammad Awais Shibli.

FNAL System Patching Design Jack Schmidt, Al Lilianstrom, Andy Romero, Troy Dawson, Connie Sieh (Fermi National Accelerator Laboratory) Introduction FNAL.

SMS 2003 Deployment and Managing Windows Security Rafal Otto Internet Services Group Department of Information Technology CERN 26 May 2016.

© 2001 by Carnegie Mellon University SS5 -1 OCTAVE SM Process 5 Background on Vulnerability Evaluations Software Engineering Institute Carnegie Mellon.

Migration from Software Update Services to Windows Server Update Services Jeff Alexander IT Pro Evangelist Microsoft Australia Scott Korman WSUS MVP SEC316.

1 Objectives Windows Firewalls with Advanced Security Bit-Lock Update and maintain your clients using Windows Server Update Service Microsoft Baseline.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Operating Systems Networking for Home and Small Businesses – Chapter.

Information Security What is Information Security?

Module 14: Securing Windows Server Overview Introduction to Securing Servers Implementing Core Server Security Hardening Servers Microsoft Baseline.

Vulnerability Scanning Vulnerability scanners are automated tools that scan hosts and networks for known vulnerabilities and weaknesses Credentialed vs.

Microsoft Management Seminar Series SMS 2003 Change Management.

INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used? Tripwire.

1 OFF SYMB - 12/7/2015 Firewalls Basics. 2 OFF SYMB - 12/7/2015 Overview Why we have firewalls What a firewall does Why is the firewall configured the.

Rob Davidson, Partner Technology Specialist Microsoft Management Servers: Using management to stay secure.

Virtual Machine Management Challenges What are Solution Accelerators? Offline Virtual Machine Servicing Tool Next Steps.

11 IMPLEMENTING AND MANAGING SOFTWARE UPDATE SERVICES Chapter 7.

May 30 th – 31 st, 2007 Chateau Laurier Ottawa. Getting it Done: Understanding the Security Features of Windows Vista Kai Axford, CISSP, MCSE-Security.

How to Mitigate Stay Safe. Patching Patches Software ‘fixes’ for vulnerabilities in operating systems and applications Why Patch Keep your system secure.

Internet Explorer 7 Updated Advice for the NHS 04 February 2008 Version 1.3.

GFI LANguard Matt Norris Dave Hone Chris Gould. GFI LANguard: Description Through the performances of the three (3) cornerstones of vulnerability management:

ASHRAY PATEL Securing Public Web Servers. Roadmap Web server security problems Steps to secure public web servers Securing web servers and contents Implementing.

By the end of this lesson you will be able to: 1. Determine the preventive support measures that are in place at your school.

Maintaining and Updating Windows Server 2008 Lesson 8.

11 DEPLOYING AN UPDATE MANAGEMENT INFRASTRUCTURE Chapter 6.

Self-service enrollment for Windows desktops

TRIP WIRE INTRUSION DETECTION SYSYTEM Presented by.

Security through Group Policy

Module 1: Overview of Systems Management Server 2003

Implementing Security Patch Management

Presentation transcript:

Patching MIT SUS Services IS&T Network Infrastructure Services Team

Security Risk Management Having a Strategic Security Program Threat: A threat is any potential danger to information or systems. Threat agent: A threat agent is the person or process attacking the network through a vulnerable port on the firewall, or a process used to access data in a way that violates your security policy. Vulnerability: A vulnerability is a software, hardware, or procedural weakness that may provide an attacker or threat agent with an opportunity to enter a computer or network and gain unauthorized access to resources within the environment Risk: A risk is the likelihood of a threat agent taking advantage of a vulnerability. It is the potential for loss or the probability that a threat will exploit a vulnerability. Exposure: An exposure occurs when a threat agent exposes a company asset to potential loss. A vulnerability can cause an organization to be exposed to possible damages. Countermeasure: A countermeasure, or safeguard, mitigates a risk. Countermeasures include software configurations, hardware, or procedures that eliminate a vulnerability or reduce the risk of a threat agent from being able to exploit a vulnerability. PROACTIVE!

Microsoft Software Update Services (SUS) The accelerating lifecycle of a security patch Introduction to Software Update Services Features/Components – SUS Server – Client

The accelerating lifecycle of a security patch Frequency between new vulnerabilities Time the vendor has to release a patch Time between publication and exploit code Time for the Administrator or End User to patch Number of products to patch

Introduction to Software Update Services Automate: Keep Windows up-to-date with the latest critical and security patches Simplify: The patch management process - MBSA Schedule Update times Deploy: Reach clients that are not part of a Windows Domain

Overview Microsoft AutoUpdates vs. SUS WindowsUpdate SUS server updates Sync Updates Automatic Updates Client Configured by Admin InternetIntranet

Features/Components SERVER: SUS – Automatic Updates on computers (desktops or servers) – An internally-hosted Windows Update server – An internally -controlled content synchronization service – Administrator control over updates – Multi-language support - Localized in 24 languages – Digital signatures on downloaded content – Server-side logging – Log of client status

Load balancing SUS at MIT Microsoft’s SUS Sync Windows Update SUS F5 (Big IP)

Features/ Components (2) CLIENT: Automatic Updates – Installed on computers on the network – Checks SUS server or public WU for updates regularly – Auto-download and install updates under admin control – Automatically download and install critical updates – Consolidate multiple reboots into a single oneNotify local administrator on the machine about pending updates – Notify logged-on users about pending reboots – Configured using Registry keys – Supports Group Policy – Downloads are done in the background using BITS technology

MBSA Free tool that scans for common security misconfigurations and missing security updates – GUI and command-line interface (CLI) – Perform security update portion of scan against local SUS server Scans for approved updates on SUS server instead of all available updates – User interface: MBSA reads registry for SUS server information, or user manually enters it – CMD LINE mbsacli.exe /sus

Client Configuration – With Active Directory (using Group Policy) ADM file – WUAU.adm Client behavior and SUS server selection can be configured – Without Active Directory (but central tool) Script to deploy the registry policy keys Website Demo: