Implementing Security Update Management (Kai Axford, CISSP, MCSE-Security, TechNet Presenter, Microsoft Corporation)

Presentation transcript:

1 Implementing Security Update Management
Kai Axford, CISSP, MCSE-Security
TechNet Presenter, Microsoft Corporation
kaiax@microsoft.com

2 Who is Kai Axford?
Employed at Microsoft for 6+ years
Currently enrolled in MBA: Information Assurance program at Univ of Dallas
Former Squad Leader with the 75th Ranger Regiment
Over 200+ live security events and webcasts including TechEd, COMDEX, Microsoft Security Summits, etc.
…and a HUGE Green Bay Packers fan!

3 Session Prerequisites
Hands-on experience with Microsoft® Windows® 2000 Server™ or Microsoft® Windows Server 2003™ management tools
Level 200

4 Agenda
Update Management Overview
Update Management Process
Update Management Tools

5 Business Case for Update Management
Downtime
Remediation time
Questionable data integrity
Lost credibility
Negative public relations
Legal defenses
Stolen intellectual property

6 Understanding the Vulnerability Timeline
Timeline diagram labels: product shipped; vulnerability discovered; vulnerability disclosed; update made available; update deployed by customer
Label on the timeline: "Most attacks occur here"

7 Understanding the Exploit Time Line
Same timeline diagram as slide 6 (product shipped; vulnerability discovered; vulnerability disclosed; update made available; update deployed by customer; "Most attacks occur here")
Malware attack: days between update and exploit
Nimda: 331
SQL Slammer: 180
Welchia/Nachi: 151
Blaster: 25
Sasser: 14

8 Microsoft Update Severity Ratings
See "Microsoft Security Bulletin Search" on the Microsoft TechNet Web site
Rating: definition
Critical: Exploitation could allow the propagation of an Internet worm without user action
Important: Exploitation could result in compromise of user data or the availability of processing resources
Moderate: Exploitation is serious, but is mitigated to a significant degree by default configuration, auditing, need for user action, or difficulty of exploitation
Low: Exploitation is extremely difficult or impact is minimal

9 Update Time Frames
Severity rating: recommended update time frame / recommended maximum update time frame
Critical: within 24 hours / within two weeks
Important: within one month / within two months
Moderate: depending on expected availability, wait for the next service pack or update rollup that includes the update, or deploy the update within four months / deploy the update within six months
Low: depending on expected availability, wait for the next service pack or update rollup that includes the update, or deploy the update within one year / deploy the update within one year, or choose not to deploy at all
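The time frames on this slide only help if someone actually checks an inventory against them. The following PowerShell is an added example, not part of the presentation or of any Microsoft tool: it encodes the slide's recommended and maximum windows per severity rating and reports, for a constructed inventory of bulletins and computers, which installs are still inside the window, past the recommended date, or past the maximum. The bulletin identifiers, computer names and dates are placeholders made up for the example.

```powershell
# Added example (not from the original presentation): turn the slide's
# severity time frames into deadline checks over an update inventory.

function Get-UpdateDeadline {
    param(
        [Parameter(Mandatory)][ValidateSet('Critical','Important','Moderate','Low')]
        [string]$Severity,
        [Parameter(Mandatory)][datetime]$Released
    )
    # Recommended and maximum windows as stated on the slide. For Moderate and
    # Low the "wait for the next service pack" option is represented by its
    # stated fallback (four months / one year); the Low "choose not to deploy"
    # option is a policy decision and is not encoded here.
    switch ($Severity) {
        'Critical'  { $rec = $Released.AddHours(24);  $max = $Released.AddDays(14) }
        'Important' { $rec = $Released.AddMonths(1);  $max = $Released.AddMonths(2) }
        'Moderate'  { $rec = $Released.AddMonths(4);  $max = $Released.AddMonths(6) }
        'Low'       { $rec = $Released.AddYears(1);   $max = $Released.AddYears(1) }
    }
    [pscustomobject]@{ Severity = $Severity; Released = $Released; Recommended = $rec; Maximum = $max }
}

function Get-UpdateCompliance {
    param(
        # Inventory rows: Computer, Bulletin, Severity, Released, Installed
        [Parameter(Mandatory)][object[]]$Inventory,
        [datetime]$AsOf = (Get-Date)
    )
    foreach ($row in $Inventory) {
        $d = Get-UpdateDeadline -Severity $row.Severity -Released $row.Released
        $status = if ($row.Installed)                { 'Installed' }
                  elseif ($AsOf -gt $d.Maximum)      { 'OVERDUE (past maximum)' }
                  elseif ($AsOf -gt $d.Recommended)  { 'Late (past recommended)' }
                  else                               { 'Within window' }
        [pscustomobject]@{
            Computer    = $row.Computer
            Bulletin    = $row.Bulletin
            Severity    = $row.Severity
            Recommended = $d.Recommended.ToString('yyyy-MM-dd')
            Maximum     = $d.Maximum.ToString('yyyy-MM-dd')
            Status      = $status
        }
    }
}

# Constructed sample inventory: placeholder bulletin ids and host names, not real ones.
$inventory = @(
    [pscustomobject]@{ Computer='SRV01'; Bulletin='MS-PLACEHOLDER-001'; Severity='Critical';  Released=[datetime]'2005-06-14'; Installed=$false }
    [pscustomobject]@{ Computer='SRV02'; Bulletin='MS-PLACEHOLDER-002'; Severity='Important'; Released=[datetime]'2005-06-14'; Installed=$true  }
    [pscustomobject]@{ Computer='WS07';  Bulletin='MS-PLACEHOLDER-003'; Severity='Moderate';  Released=[datetime]'2005-05-10'; Installed=$false }
)

# Evaluate as of a fixed date so the output is reproducible.
Get-UpdateCompliance -Inventory $inventory -AsOf ([datetime]'2005-07-01') |
    Sort-Object Status -Descending | Format-Table -AutoSize
```

In a real deployment the inventory would come from the Assess phase (MBSA or WSUS reports) rather than a hand-built array; the point of keeping the deadline logic in one function is that the time frames can be tightened by policy in one place.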

10 Improving the Updating Experience
Your need: Microsoft response
Reduce update frequency: reduced frequency of non-emergency update releases from once per week to once per month
Reduce updating complexity: reduced number of update installer technologies
Reduce risk of update deployment: improved update quality and introduced update rollback capability
Reduce update size: developed "delta updating" technology to reduce update size
Improve tool consistency: developing consistent tools
Improve tool capabilities: developing more capable tools

11 Identifying Common Malware Defense Methods
Malware attack: defense method
Mydoom: block port 1034; update antivirus signatures; implement application security
Sasser: block ports 445, 5554, and 9996; install the latest security update
Blaster: install the latest security update; block TCP ports 135, 139, 445, and 593 and UDP ports 135, 137, and 138, and also block UDP port 69 (TFTP) and TCP port 4444 (remote command shell); update antivirus signatures
SQL Slammer: install the latest security update; block UDP port 1434
Download.Ject: install the latest security update; increase security on the Local Machine zone in Internet Explorer; clean any infections related to IIS

12 What Is Defense-in-Depth?
Using a layered approach:
Increases an attacker's risk of detection
Reduces an attacker's chance of success
Layers, from outermost to innermost:
Policies, procedures, and awareness: security policies, procedures, and education
Physical security: guards, locks, tracking devices
Perimeter: firewalls, border routers, VPNs with quarantine procedures
Internal network: network segments, IPSec, NIDS
Host: OS hardening, authentication, update management, antivirus updates, auditing
Application: application hardening
Data: strong passwords, ACLs, encryption, EFS, backup and restore strategy

13 Update Management Process (section)
Update Management Overview
Update Management Process
Update Management Tools

14 Requirements for Successful Update Management
Effective Processes: project management, four-phase update management process
Effective Operations: people who understand their roles and responsibilities
Tools and Technologies: products, tools, automation

15 Update Management Process
1. Assess
– Inventory computing assets
– Assess threats and vulnerabilities
– Determine the best source for information about new updates
– Assess your software distribution infrastructure
– Assess operational effectiveness
2. Identify
– Discover new updates
– Determine whether updates are relevant to your environment
– Obtain update, confirm it is safe
– Determine if update is a normal change or an emergency
3. Evaluate and Plan
– Determine whether the update is actually required
– Plan the release of the update
– Build the release
– Perform acceptance testing
4. Deploy
– Prepare for deployment
– Deploy the update to targeted computers
– Review the deployment
The four phases form a cycle: Deploy feeds back into Assess.

16 Microsoft Update Management Guidance
Guide: Patch Management Process
How To: Implement Patch Management
How To: Use Microsoft Baseline Security Analyzer (MBSA)
How To: Perform Patch Management Using SMS
Microsoft Windows Server Update Services Deployment Guide
The guide and articles are available on the Patch Management page of the Microsoft TechNet Web site
The WSUS deployment guide is available on the Microsoft Windows Server Update Services Deployment Guide page of the Microsoft Windows Server System Web site

17 Update Management Tools (section)
Update Management Overview
Update Management Process
Update Management Tools

18 Choosing an Update Management Solution
Customer type, scenario: solution
Consumer, all scenarios: Microsoft Update
Small organization, has no Windows servers: Microsoft Update
Small organization, has one to three Windows 2000 or newer servers and one IT administrator: MBSA and WSUS
Medium-sized or large enterprise, wants an update management solution with basic control to update Windows 2000 and newer versions of Windows: MBSA and WSUS
Medium-sized or large enterprise, wants a single flexible update management solution with an extended level of control to update and distribute all software: Systems Management Server

19 Update Management Solution for Consumers and Small Organizations
Update management solution based on Protect Your PC:
1. Use an Internet firewall
2. Get computer updates
– Microsoft Update
3. Use up-to-date antivirus software
Deploy Microsoft® Windows® XP SP2
See the Protect Your PC page on the Microsoft Security at Home Web site

20 Configuring Automatic Updates (demonstration)

21 Office Update
Benefits:
– Single location for Microsoft® Office updates
– Easy to use
– Can download delta or full-file versions of updates
Limitation:
– Does not support Automatic Updates; updating must be initiated manually
The Microsoft Update site includes Office updates and supports Automatic Updates
Visit the Downloads page of the Microsoft Office Online Web site

22 Update Management Solution for Small and Medium-Sized Organizations
Size of organization, scenario: update management solution
Small, has one to three servers running Windows 2000 or later and one IT administrator: MBSA and WSUS
Medium or large, wants an update management solution with a basic level of control that updates computers running Windows 2000, Windows XP, and Windows Server 2003 and some Microsoft applications: MBSA and WSUS

23 MBSA Benefits
Scans systems for:
– Missing security updates
– Potential configuration issues
Works with a broad range of Microsoft software
Allows an administrator to centrally scan multiple computers simultaneously
MBSA is a free tool, and can be downloaded from the Microsoft Baseline Security Analyzer page on the Microsoft TechNet Web site

24 MBSA Considerations
Password weaknesses
Guest account not disabled
Auditing not configured
Unnecessary services installed
IIS security issues
Internet Explorer zone settings
Automatic Updates configuration
Windows XP firewall configuration

25 MBSA – How It Works
Diagram components: Windows Download Center (source of WSUSScan.cab), MBSA, scanned computer

26 MBSA – Scan Options
MBSA has two scan options:
– MBSA graphical user interface (GUI)
– MBSA standard command-line interface (mbsacli.exe)
When scanning for security updates, you can configure MBSA to:
– Update the Microsoft Update Agent on all scanned computers
– Use a WSUS server as the update source
– Use Microsoft Update as the update source

27 Using the Microsoft Baseline Security Analyzer (demonstration)
– Scan a computer using MBSA
– Review an MBSA report
– Examine the Mbsacli.exe command-line tool
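Slides 26 and 27 describe the mbsacli.exe scan options and then demonstrate them interactively. The PowerShell below is an added example, not code from the presentation or from MBSA, showing how an administrator would script the same choices for a batch of computers: scan only for missing security updates, and pick the update source (WSUS-approved updates, all WSUS updates, or Microsoft Update) that the slide lists. It assumes MBSA 2.x installed in its default folder, an account with administrative rights on the targets, and the documented MBSA 2.0 switches /listfile, /n, /wa, /wi, /mu, /ia, /o and /nvc; confirm them against mbsacli.exe /? on the version you run. The host names are constructed placeholders.

```powershell
# Added example (not from the presentation or from MBSA): drive the MBSA
# command-line scanner for a list of computers. Switch names are the MBSA 2.0
# documented ones; verify with 'mbsacli.exe /?' on your installed version.

$mbsacli = Join-Path ${env:ProgramFiles} 'Microsoft Baseline Security Analyzer 2\mbsacli.exe'
if (-not (Test-Path $mbsacli)) { throw "mbsacli.exe not found at $mbsacli (assumed default install path)" }

# Constructed target list, one host name per line (placeholders, not real hosts).
$targets  = @('SRV01', 'SRV02', 'WS07')
$listFile = Join-Path $env:TEMP 'mbsa-targets.txt'
$targets | Set-Content -Path $listFile -Encoding ASCII

function Invoke-MbsaUpdateScan {
    param(
        [Parameter(Mandatory)][string]$ListFile,
        # Mirrors the slide's three source choices for security-update scans.
        [ValidateSet('WsusApproved','WsusAll','MicrosoftUpdate')]
        [string]$UpdateSource = 'WsusApproved',
        # /ia updates the Windows Update Agent on every scanned computer first.
        [switch]$UpdateAgent,
        # /o report-name template: %D% domain, %C% computer, %T% timestamp.
        [string]$ReportTemplate = '%D% - %C% (%T%)'
    )
    # /n lists the checks to SKIP, so skipping OS, SQL, IIS and Password checks
    # leaves only the security-update check. /nvc suppresses the MBSA
    # version check so the run does not stall on a prompt.
    $cliArgs = @('/listfile', $ListFile, '/n', 'OS+SQL+IIS+Password', '/nvc', '/o', $ReportTemplate)
    switch ($UpdateSource) {
        'WsusApproved'    { $cliArgs += '/wa' }  # only updates approved on the client's WSUS server
        'WsusAll'         { $cliArgs += '/wi' }  # all applicable updates, approved on WSUS or not
        'MicrosoftUpdate' { $cliArgs += '/mu' }  # ignore WSUS, use Microsoft Update as the source
    }
    if ($UpdateAgent) { $cliArgs += '/ia' }

    & $mbsacli @cliArgs
    return $LASTEXITCODE
}

# Typical pilot run: WSUS-approved updates only, refreshing the agent first.
$rc = Invoke-MbsaUpdateScan -ListFile $listFile -UpdateSource 'WsusApproved' -UpdateAgent
"mbsacli exit code: $rc"
```

Scanning with /wa against WSUS-approved updates answers a different question from /mu: the first tells you whether clients have installed what you have approved, the second whether they are missing anything Microsoft has published. Running both periodically, and comparing, is how gaps in the approval process surface.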

28 WSUS Benefits
Gives administrators control over update management
– Administrators can review, test, and approve updates before deployment
Simplifies and automates key aspects of the update management process
– Can be used with Group Policy, but Group Policy is not required to use WSUS
Easy to implement
Free tool from Microsoft

29 Comparing SUS and WSUS
Common features
– Can only update computers running Windows XP, Windows 2000, or Windows Server 2003
– No option for pushing updates; clients must pull updates from the server
WSUS enhancements
– Expanded support for Microsoft products such as Office, SQL Server, and Exchange Server
– Can create and manage computer groups
– More options for managing updates
– More options for configuring agents
– More efficient use of network bandwidth

30 WSUS – How It Works
Diagram components: Microsoft Update, firewall, WSUS server, WSUS administrator, and computer groups (Client Computers Group, Windows Servers Group, Pilot Computers Group)

31 WSUS – Deployment Scenarios
Diagram components: Microsoft Update, firewall, main office WSUS server with main office client computers, remote office client computers, regional client computers, replica WSUS server, independent WSUS server, disconnected WSUS server

32 WSUS – Client Component
The client component of WSUS is Automatic Updates:
– Can be configured to pull updates either from the corporate WSUS server or from Microsoft Update
– Three ways to configure Automatic Updates:
  Centrally, by using Group Policy
  Manually configure clients
  Use scripts to configure clients
– WSUS requires a compatible Automatic Updates client

33 WSUS – Server Component
The server component of WSUS is Windows Server Update Services (WSUS):
– Can synchronize updates from Microsoft Update on a schedule
– Provides a Web-based administrative GUI
– Has several built-in default security features
– Provides synchronization and update reports
– Uses MSDE or SQL Server database to store update metadata, events, and settings
– Interface is localized in 17 languages

34 How to Use WSUS
On the WSUS server:
1. Administer the WSUS server at http:// /WSUSAdmin
2. Configure the WSUS server synchronization schedule and settings
3. Create client computer groups and assign computers
4. Review, test, and approve updates
On each WSUS client:
– Configure Automatic Updates on the client to use the WSUS server
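Slide 32 lists three ways to point Automatic Updates at WSUS (Group Policy, manual, script) and slide 34 ends with that client step. The PowerShell below is an added example of the scripted route, not code from the presentation or from WSUS: it writes the same policy registry values that the Group Policy settings "Specify intranet Microsoft update service location" and "Configure Automatic Updates" set, optionally assigns the client to a WSUS computer group by client-side targeting, reads the values back, and forces a detection cycle. It must run elevated on the client; the WSUS server URL is a placeholder, and the wuauclt.exe switches are those of the classic Automatic Updates agent on the Windows 2000/XP/Server 2003 generation the slides cover.

```powershell
# Added example (not from the presentation or from WSUS): configure a client's
# Automatic Updates to use a WSUS server by script. Run elevated on the client.

$WsusServer = 'http://wsus.example.local'   # placeholder; replace with your WSUS server URL

$policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au     = Join-Path $policy 'AU'
foreach ($key in $policy, $au) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# Intranet update and statistics server (same values the Group Policy setting
# "Specify intranet Microsoft update service location" writes).
Set-ItemProperty -Path $policy -Name 'WUServer'       -Value $WsusServer -Type String
Set-ItemProperty -Path $policy -Name 'WUStatusServer' -Value $WsusServer -Type String
Set-ItemProperty -Path $au     -Name 'UseWUServer'    -Value 1 -Type DWord

# Automatic Updates behaviour ("Configure Automatic Updates"). AUOptions:
#   2 = notify before download, 3 = auto download and notify for install,
#   4 = auto download and schedule the install, 5 = allow local admin to choose.
Set-ItemProperty -Path $au -Name 'NoAutoUpdate'         -Value 0 -Type DWord
Set-ItemProperty -Path $au -Name 'AUOptions'            -Value 4 -Type DWord
Set-ItemProperty -Path $au -Name 'ScheduledInstallDay'  -Value 0 -Type DWord   # 0 = every day
Set-ItemProperty -Path $au -Name 'ScheduledInstallTime' -Value 3 -Type DWord   # 03:00 local time

# Optional client-side targeting: place this client in a WSUS computer group
# (slide 30's "Pilot Computers" group is used as the example). Only honoured
# when the WSUS server itself is set to use client-side targeting.
Set-ItemProperty -Path $policy -Name 'TargetGroupEnabled' -Value 1 -Type DWord
Set-ItemProperty -Path $policy -Name 'TargetGroup'        -Value 'Pilot Computers' -Type String

# Read back what the agent will actually use before trusting the change.
Get-ItemProperty -Path $policy | Select-Object WUServer, WUStatusServer, TargetGroupEnabled, TargetGroup
Get-ItemProperty -Path $au     | Select-Object UseWUServer, NoAutoUpdate, AUOptions, ScheduledInstallDay, ScheduledInstallTime

# Restart the agent so it re-reads policy, then discard its cached server
# authorization and start a detection cycle against the WSUS server.
Restart-Service -Name wuauserv
& wuauclt.exe /resetauthorization /detectnow
```

If these clients are domain members that also receive the Group Policy settings, policy wins: the registry values here are the ones policy refreshes overwrite, so the script is best reserved for workgroup machines or for a one-off migration before the GPO is linked.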

35 Implementing Windows Server Update Services (demonstration)
– Configure Windows Server Update Services
– Configure Group Policy settings for WSUS clients
– Distribute updates using WSUS
– View WSUS reports

36 Migrating from SUS to WSUS
You can install SUS and WSUS on the same computer
You can migrate updates and approvals
– Use the WSUSUTIL.exe command-line tool
Configure the clients to use the WSUS server
– Use the Automatic Update self-update feature to update the client
– For computers running Windows XP with no Service Packs, first install the SUS Automatic Update client

37 Update Management Solution for Medium-Sized and Large Organizations
Capability: WSUS / SMS 2003
Supported platforms for content: WSUS: Windows 2000, Windows XP, Windows Server 2003 / SMS 2003: Windows NT® 4.0, Windows 98, Windows 2000, Windows XP, Windows Server 2003
Supported content types: WSUS: security and security rollup updates, critical updates, and service packs for the above operating systems and updates for some Microsoft applications / SMS 2003: all updates, service packs, and updates for the above operating systems; supports updates and application installations for Microsoft and other applications
Update distribution control: WSUS: basic / SMS 2003: advanced

38 Systems Management Server Benefits
For a full software distribution update management solution, use:
– Systems Management Server 2003, or
– Systems Management Server 2.0 with SUS Feature Pack
Benefits of using Systems Management Server:
– Update management
– Automates key aspects of update management
– Can update a broad range of Microsoft products
– Can be used to update third-party software and install other software updates or applications

39 Systems Management Server MBSA Integration
MBSA integration included with SMS 2003 and the WSUS Feature Pack for SMS 2.0
Scans SMS clients for missing security updates using mbsacli.exe /hf
1. SMS directs client to run local MBSA scan
2. Client performs scan, returns data to SMS server
3. SMS server parses data to determine which computers need which security updates
4. Administrator pushes missing updates only to clients that require them

40 Systems Management Server Limitations
Command-line syntax must be configured for unattended installation of each update
Microsoft Office updates require extraction to edit a settings file for unattended installation
International updates must be manually downloaded from a Web page

41 Systems Management Server – How It Works
Diagram components: Microsoft Update, firewall, Systems Management Server site server, Systems Management Server distribution points, Systems Management Server clients

42 Best Practices for Update Management
Implement a good update management process
Choose an update management solution that meets your organization's needs
Subscribe to the Microsoft Security Notification Service
Make use of Microsoft guidance and resources
Keep your systems up to date

43 Session Summary
Implementing security updates promptly is a critical component in a security management plan
Update management needs to follow your standard network management processes
For small and medium-sized businesses, MBSA and WSUS together provide an excellent update management solution

44 Next Steps
1. Find additional security training events:
– The Microsoft Security Events and Webcasts Web site
2. Sign up for security communications:
– The Microsoft TechNet Web site
3. Order the Security Guidance Kit:
– The Microsoft TechNet Web site
4. Get additional security tools and content:
– The Microsoft Security Web site

45 Next Steps
1. Find additional security training events: http://www.microsoft.com/seminar/events/security.mspx
2. Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
3. Get additional security tools and content: http://www.microsoft.com/security/guidance

46 For More Information…
Visit TechNet at www.microsoft.com/technet
Visit Microsoft Security at www.microsoft.com/security

47 Questions and Answers
Submit text questions using the "Ask" button.
Don't forget to fill out the survey.
For upcoming and previously live webcasts: www.microsoft.com/webcasts
Got webcast content ideas? Contact us at: http://go.microsoft.com/fwlink/?LinkId=41781
Today's webcast was presented using Microsoft Office Live Meeting. Get a free 14-day trial: http://www.microsoft.com/presentlive

48 Clinic Evaluation
