Patch Management

Patch Management in a Windows based environment
Personal Solutions vs. Enterprise Solutions
By Maurice Kirkmanbey
System Administrator
CISSP, MCSE/MCSA/MCITP
14 Jun 2008
Overview
The Windows Update service is an online resource through which Microsoft
provides updates to the Windows operating system over time. As
vulnerabilities are discovered and other weaknesses in the OS are
exposed, patch management (PM) is integrated with other protection
strategies to provide a defensive perimeter that protects the personal
or enterprise network.
Objectives
• Understand Patch Management in a personal/enterprise environment
• Discuss Microsoft’s terminology
• Design a personal solution for PM
• Design an enterprise solution for PM
• Demonstrate basic concepts and strategies in PM
PM Defined
Patch management maintains the OS while improving performance and
stability and providing enhancements over the lifecycle of the
operating system. Maintaining system integrity, availability, and,
when possible, accountability is essential for personal and enterprise
computing. However, enterprise systems rely heavily on
accountability and confidentiality as an integral part of their computing
environment.
PM Strategy
PM is a foundation strategy
• Blaster worm released 26 days after Microsoft reported the vulnerability*
From Microsoft This Week:
• MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
  Rating: Critical
  Impact of Vulnerability: Remote Code Execution
• MS08-031: Cumulative Security Update for Internet Explorer (950759)
  Rating: Critical
  Impact of Vulnerability: Remote Code Execution
*Source: Fontana, John. (2003). How to Handle Patch Management. Network World. Retrieved from the World Wide Web on 13 Jun 2008 from
http://www.networkworld.com/research/2003/1201howtopatch.html?zb&rc=mgmt_patch
Defense in Depth
Defending your OS
• Passive vs. active attacks
• Denial of service
• Privilege escalation
• Versions of buffer overflow attacks
• Remote code execution
Defense in Depth
PM alone will not defend against:
• A person who has physical access to a system in your home or office
• Establish covert communications channel authorized on the system
• Cyber terrorism
• Malicious code/Malware/Malicious Software
• Worms
• Viruses
• Buffer overflow attack
• Email vulnerability
• Spam definitions, junk mail options
• Default enabled functionality
Terminology
• Security Updates
• Critical Updates
• Hot fixes
• Service Packs
Considerations
• Bandwidth issues
• Topology issues
• Versioning control
Admin Tools
• Windows Update (online)
• WSUS (Enterprise Tool)
• Microsoft Baseline Security Analyzer
The Online Windows Update
• Access Windows Update
• Scan, select and download updates: Express or Custom
• Follow prompts to install updates
• Configures the updates you install
Personal Patch Management:
Configuring an individual computer
Start > Control Panel > Automatic Updates
Four Choices:
• Automatic (and Install) Frequency and Time
• Download Updates, but let me choose when to install (auto restart may still occur)
• Notify Me, but don’t automatically install
• Turn off automatic updates (not recommended)
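An added example, not part of the original slides: a read-only PowerShell audit that maps a machine's Automatic Updates policy values to the four choices above and reports whether it pulls from Windows Update or a WSUS server. It assumes the standard Windows Update Agent policy registry values; the function names and the sample server name are hypothetical.

```powershell
# Added example, not from the slides. Registry value names are the standard
# Windows Update Agent policy settings; the sample data below is constructed.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuKey = "$WuKey\AU"
$ChoiceByAuOption = @{
    2 = "Notify me, but don't automatically install"
    3 = 'Download updates, but let me choose when to install'
    4 = 'Automatic (download and install on a schedule)'
}
$Days = 'Every day','Sunday','Monday','Tuesday','Wednesday','Thursday','Friday','Saturday'

function Read-PolicyKey([string]$Path) {
    # Returns the key's values as a hashtable; empty if the key is absent.
    $values = @{}
    $item = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    if ($item) { $item.PSObject.Properties | ForEach-Object { $values[$_.Name] = $_.Value } }
    return $values
}

function Get-AutoUpdateChoice([hashtable]$Wu, [hashtable]$Au) {
    $opt = $Au['AUOptions']
    if ($Au['NoAutoUpdate'] -eq 1) {
        $choice = 'Turn off automatic updates (not recommended)'
    } elseif ($null -ne $opt -and $ChoiceByAuOption.ContainsKey([int]$opt)) {
        $choice = $ChoiceByAuOption[[int]$opt]
    } else {
        $choice = 'Not set by policy; the Control Panel setting applies'
    }
    # The schedule only matters for the fully automatic choice (AUOptions = 4).
    $schedule = $null
    $hasSchedule = $Au.ContainsKey('ScheduledInstallDay') -and $Au.ContainsKey('ScheduledInstallTime')
    if ($Au['NoAutoUpdate'] -ne 1 -and $opt -eq 4 -and $hasSchedule) {
        $schedule = '{0} at {1:00}:00' -f $Days[[int]$Au['ScheduledInstallDay']], [int]$Au['ScheduledInstallTime']
    }
    [pscustomobject]@{
        Choice   = $choice
        Schedule = $schedule
        # UseWUServer = 1 sends the client to the WSUS server named in WUServer.
        Source   = if ($Au['UseWUServer'] -eq 1) { $Wu['WUServer'] } else { 'Windows Update (online)' }
    }
}

# Constructed sample: daily 03:00 installs from a hypothetical WSUS server.
$sampleWu = @{ WUServer = 'http://wsus.example.local' }
$sampleAu = @{ AUOptions = 4; ScheduledInstallDay = 0; ScheduledInstallTime = 3; UseWUServer = 1 }
Get-AutoUpdateChoice $sampleWu $sampleAu

# The local machine's policy (read-only).
Get-AutoUpdateChoice (Read-PolicyKey $WuKey) (Read-PolicyKey $AuKey)
```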
BASE CONCEPT of PM
[Diagram: Personal PM, with Windows Update on each computer and MS Redmond]
Mid Day Administrator's Nightmare
Hmmmm... Email, Web server, Domain Controllers, etc.
Enterprise Patch Management:
WSUS
• Central Management (CONTROL)
• Incremental or full approval process
• Reduced bandwidth consumption
• Supported products isolation: i.e. W2K, WIN 2003/XP/Vista
• Selected languages
• Reporting tools and summarization
• Client deployment by groups, special needs
WSUS in Action
[Diagram: Microsoft Updates]
PM Enterprise Design
[Diagram: MS Redmond and WSUS servers at NY, Chicago, RDU and LA; client counts shown: 700 Clients, 25 Clients, 500 Clients]
Demo
• Personal PM
• Enterprise PM (WIN2003 SBS)
Summary
• Patch management
• Automated tools
• Layered defense strategy
• Centralized control
• Client auditing
• Information Assurance
