Patch Management - PowerPoint PPT Presentation

1 / 24
About This Presentation
Title:

Patch Management

Description:

Windows update service is an online resource that provides ... Windows Update (online) WSUS (Enterprise Tool) Microsoft Baseline Security Analyzer ... – PowerPoint PPT presentation

Number of Views:1830
Avg rating:3.0/5.0
Slides: 25
Provided by: mauriceki
Category:

less

Transcript and Presenter's Notes

Title: Patch Management


1
Patch Management
  • Patch Management in a Windows based environment
  • Personal Solutions
  • vs.
  • Enterprise Solutions
  • By Maurice Kirkmanbey
  • System Administrator
  • CISSP, MCSE/MCSA/MCITP

14 Jun 2008
2
Overview
  • Windows update service is an online resource that
    provides
  • updates to its Windows operating system over
    time. As
  • vulnerabilities are discovered and other weakness
    in the OS are
  • exposed, patch management (PM) along with other
    protection
  • strategies are integrated in providing a
    defensive perimeter to protect
  • the personal or enterprise network.

3
Objectives
  • Understand Patch Management in a
    personal/enterprise environment
  • Discuss Microsofts terminology
  • Design a personal solution for PM
  • Design an enterprise solution for PM
  • Demonstrate basic concepts and strategies in PM

4
PM Defined
  • Patch management maintains the OS while improving
    performance,
  • stability and providing enhancements over the
    lifecycle of the
  • operating system. Maintaining system integrity,
    availability, and
  • when possible accountability is essential for
    personal and enterprise
  • computing. However, enterprise systems rely
    heavily on
  • accountability and confidentiality as an integral
    part of its computing
  • environment.

5
PM Strategy
  • PM is a foundation Strategy
  • Blaster worm released 26 days after Microsoft
    reported the vulnerability
  • From Microsoft This Week
  • MS08-030 Vulnerability in Bluetooth Stack Could
    Allow Remote Code Execution (951376)
  • -          Rating Critical
  • -          Impact of Vulnerability Remote Code
    Execution
  • MS08-031 Cumulative Security Update for Internet
    Explorer (950759)
  • -          Rating Critical
  • -          Impact of Vulnerability Remote Code
    Execution  

6
Defense in Depth
  • Defending your OS
  • Passive vs. active attacks
  • Denial of service
  • Privilege escalation
  • Versions of Buffer overflow attacks
  • Remote code Execution

7
Defense in Depth
  • PM alone will not defend against
  • A person who has physical access to system in
    your home or office.
  • Establish covert communications channel
    authorized on the system
  • Cyber terrorism
  • Malicious code/Malware/Malicious Software
  • Worms
  • Viruses
  • Buffer overflow attack
  • Email vulnerability
  • Spam definitions, junk mail options
  • Default enabled functionality

8
Terminology
  • Security Updates
  • Critical Updates
  • Hot fixes
  • Service Packs

9
Considerations
  • Bandwidth Issues
  • Topology issues
  • Versioning control

10
Admin Tools
  • Windows Update (online)
  • WSUS (Enterprise Tool)
  • Microsoft Baseline Security Analyzer

11
The Online Windows Update
  • Access Windows Update
  • Scan, Select and download updates Express or
    Custom
  • Follow Prompts to install updates
  • Configures the updates you install

12
Personal Patch management
  • Configuring an individual Computer
  • STARTControl Panel Automatic Updates
  • Four Choices
  • Automatic (and Install) Frequency and Time
  • Download Updates, but let me choose when to
    install (auto restart may still occur)
  • Notify Me, but dont automatically install
  • Turn off automatic updates (not recommended)

13
BASE CONCEPT of PM
14
Windows Update
15
Windows Update
16
Windows Update
17
Windows Update
18
Personal PM
MS Redmond
19
Mid Day Administrator's Nightmare
HmmmmEmail, Web server, Domain Controllers etc.
20
Enterprise Patch Management
  • WSUS
  • Central Management (CONTROL)
  • Incremental or full approval process
  • Reduced bandwidth consumption
  • Supported products isolation ie. W2K, WIN
    2003/XP/Visa
  • Selected languages
  • Reporting tools and summarization
  • Client Deployment by groups, specials needs

21
WSUS in Action
22
PM Enterprise Design
700 Clients
NY WSUS
RDU WSUS
Chicago WSUS
25 Clients
MS Redmond
LA WSUS
500 Clients
23
Demo
  • Personal PM
  • Enterprise PM (WIN2003 SBS)

24
Summary
  • Patch management
  • Automated tools
  • Layered defense strategy
  • Centralized control
  • Client auditing
  • Information Assurance
Write a Comment
User Comments (0)
About PowerShow.com