Patch Management

1
Patch Management

• Patch Management in a Windows based environment
• Personal Solutions
• vs.
• Enterprise Solutions
• By Maurice Kirkmanbey
• System Administrator
• CISSP, MCSE/MCSA/MCITP

14 Jun 2008
2
Overview

• Windows update service is an online resource that
  provides
  
• updates to its Windows operating system over
  time. As
  
• vulnerabilities are discovered and other weakness
  in the OS are
  
• exposed, patch management (PM) along with other
  protection
  
• strategies are integrated in providing a
  defensive perimeter to protect
  
• the personal or enterprise network.

3
Objectives

• Understand Patch Management in a
  personal/enterprise environment
  
• Discuss Microsofts terminology
• Design a personal solution for PM
• Design an enterprise solution for PM
• Demonstrate basic concepts and strategies in PM

4
PM Defined

• Patch management maintains the OS while improving
  performance,
  
• stability and providing enhancements over the
  lifecycle of the
  
• operating system. Maintaining system integrity,
  availability, and
  
• when possible accountability is essential for
  personal and enterprise
  
• computing. However, enterprise systems rely
  heavily on
  
• accountability and confidentiality as an integral
  part of its computing
  
• environment.

5
PM Strategy

• PM is a foundation Strategy
• Blaster worm released 26 days after Microsoft
  reported the vulnerability
  
• From Microsoft This Week
• MS08-030 Vulnerability in Bluetooth Stack Could
  Allow Remote Code Execution (951376)
  
• -          Rating Critical
• -          Impact of Vulnerability Remote Code
  Execution
  
• MS08-031 Cumulative Security Update for Internet
  Explorer (950759)
  
• -          Rating Critical
• -          Impact of Vulnerability Remote Code
  Execution  
  

6
Defense in Depth

• Defending your OS
• Passive vs. active attacks
• Denial of service
• Privilege escalation
• Versions of Buffer overflow attacks
• Remote code Execution

7
Defense in Depth

• PM alone will not defend against
• A person who has physical access to system in
  your home or office.
  
• Establish covert communications channel
  authorized on the system
  
• Cyber terrorism
• Malicious code/Malware/Malicious Software
• Worms
• Viruses
• Buffer overflow attack
• Email vulnerability
• Spam definitions, junk mail options
• Default enabled functionality

8
Terminology

• Security Updates
• Critical Updates
• Hot fixes
• Service Packs

9
Considerations

• Bandwidth Issues
• Topology issues
• Versioning control

10
Admin Tools

• Windows Update (online)
• WSUS (Enterprise Tool)
• Microsoft Baseline Security Analyzer

11
The Online Windows Update

• Access Windows Update
• Scan, Select and download updates Express or
  Custom
  
• Follow Prompts to install updates
• Configures the updates you install

12
Personal Patch management

• Configuring an individual Computer
• STARTControl Panel Automatic Updates
• Four Choices
• Automatic (and Install) Frequency and Time
• Download Updates, but let me choose when to
  install (auto restart may still occur)
  
• Notify Me, but dont automatically install
• Turn off automatic updates (not recommended)

13
BASE CONCEPT of PM
14
Windows Update
15
Windows Update
16
Windows Update
17
Windows Update
18
Personal PM
MS Redmond
19
Mid Day Administrator's Nightmare
HmmmmEmail, Web server, Domain Controllers etc.
20
Enterprise Patch Management

• WSUS
• Central Management (CONTROL)
• Incremental or full approval process
• Reduced bandwidth consumption
• Supported products isolation ie. W2K, WIN
  2003/XP/Visa
  
• Selected languages
• Reporting tools and summarization
• Client Deployment by groups, specials needs

21
WSUS in Action
22
PM Enterprise Design
700 Clients
NY WSUS
RDU WSUS
Chicago WSUS
25 Clients
MS Redmond
LA WSUS
500 Clients
23
Demo

• Personal PM
• Enterprise PM (WIN2003 SBS)

24
Summary

• Patch management
• Automated tools
• Layered defense strategy
• Centralized control
• Client auditing
• Information Assurance