PowerPoint Presentation - Security Risk Management

Patching Windows @ MIT
SUS Services
IS&T Network Infrastructure Services Team
Security Risk Management
Having a Strategic Security Program






Threat: A threat is any potential danger to information or systems.
Threat agent: A threat agent is the person or process attacking the network
through a vulnerable port on the firewall, or a process used to access data in a
way that violates your security policy.
Vulnerability: A vulnerability is a software, hardware, or procedural weakness
that may provide an attacker or threat agent with an opportunity to enter a
computer or network and gain unauthorized access to resources within the
environment.
Risk: A risk is the likelihood of a threat agent taking advantage of a
vulnerability. It is the potential for loss or the probability that a threat will
exploit a vulnerability.
Exposure: An exposure occurs when a threat agent exposes a company asset
to potential loss. A vulnerability can cause an organization to be exposed to
possible damages.
Countermeasure: A countermeasure, or safeguard, mitigates a risk.
Countermeasures include software configurations, hardware, or procedures
that eliminate a vulnerability or reduce the risk of a threat agent being
able to exploit a vulnerability. PROACTIVE!
Microsoft Software Update Services (SUS)

The accelerating lifecycle of a security patch

Introduction to Software Update Services

Features/Components
– SUS Server
– Client
The accelerating lifecycle of a security patch

Frequency between new vulnerabilities

Time the vendor has to release a patch

Time between publication and exploit code

Time for the Administrator or End User to patch

Number of products to patch
Introduction to Software Update Services

Automate: Keep Windows up-to-date with the
latest critical and security patches

Simplify: The patch management process - MBSA

Schedule Update times

Deploy: Reach clients that are not part of a
Windows Domain
Overview
Microsoft AutoUpdates vs. SUS
[Diagram labels: WindowsUpdate, Sync Updates, Internet, Intranet, Configured by Admin, SUS server, Automatic Updates Client, updates]
Features/Components

SERVER: SUS
– Automatic Updates on computers (desktops or servers)
– An internally-hosted Windows Update server
– An internally-controlled content synchronization service
– Administrator control over updates
– Multi-language support - Localized in 24 languages
– Digital signatures on downloaded content
– Server-side logging
– Log of client status
Load balancing SUS at MIT
[Diagram labels: Microsoft’s Windows Update, Sync, SUS, SUS, F5 (Big IP)]
Features/Components (2)

CLIENT: Automatic Updates
– Installed on computers on the network
– Checks SUS server or public WU for updates regularly
– Auto-download and install updates under
admin control
– Automatically download and install critical updates
– Consolidate multiple reboots into a single one
– Notify local administrator on the machine about pending
updates
– Notify logged-on users about pending reboots
– Configured using Registry keys
– Supports Group Policy
– Downloads are done in the background using BITS
technology
MBSA

Free tool that scans for common security
misconfigurations and missing security updates
– GUI and command-line interface (CLI)
– Perform security update portion of scan against local SUS
server

Scans for approved updates on SUS server instead of all available
updates
– User interface: MBSA reads registry for SUS server
information, or user manually enters it
– CMD LINE

mbsacli.exe /sus http://mysusserver
Client Configuration
– With Active Directory (using Group Policy)
   • ADM file – WUAU.adm
   • Client behavior and SUS server selection can be
     configured
– Without Active Directory (but central tool)
   • Script to deploy the registry policy keys
Website Demo:
http://web.mit.edu/ist/topics/windows/updates
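
One way the "script to deploy the registry policy keys" from the Client Configuration slide could look for a client outside Active Directory, with an audit mode that reports clients not pointed at the internal SUS server. This is an added example, not taken from the original slides or from MIT's deployment. The server URL is the placeholder from the MBSA slide and the schedule values are assumptions.

```powershell
# Added example: deploy or audit the Automatic Updates policy values that
# point a non-domain client at an internal SUS server.
# Run elevated to apply changes; -AuditOnly only reads the registry.
param(
    [string]$SusServer = 'http://mysusserver',  # placeholder from the MBSA slide
    [switch]$AuditOnly
)

$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = "$wuKey\AU"

# Desired policy state. The schedule values are assumptions for illustration.
$desired = @(
    @{ Path = $wuKey; Name = 'WUServer';             Type = 'String'; Value = $SusServer }
    @{ Path = $wuKey; Name = 'WUStatusServer';       Type = 'String'; Value = $SusServer }
    @{ Path = $auKey; Name = 'UseWUServer';          Type = 'DWord';  Value = 1 }  # use WUServer, not public WU
    @{ Path = $auKey; Name = 'NoAutoUpdate';         Type = 'DWord';  Value = 0 }  # Automatic Updates enabled
    @{ Path = $auKey; Name = 'AUOptions';            Type = 'DWord';  Value = 4 }  # auto download, scheduled install
    @{ Path = $auKey; Name = 'ScheduledInstallDay';  Type = 'DWord';  Value = 0 }  # 0 = every day
    @{ Path = $auKey; Name = 'ScheduledInstallTime'; Type = 'DWord';  Value = 3 }  # 03:00 local time
)

$drift = 0
foreach ($d in $desired) {
    # A missing key or value yields $null, which never equals the desired value.
    $item    = Get-ItemProperty -Path $d.Path -Name $d.Name -ErrorAction SilentlyContinue
    $current = if ($item) { $item.($d.Name) } else { $null }
    if ($current -eq $d.Value) { continue }

    $drift++
    if ($AuditOnly) {
        Write-Warning ("{0}\{1} is '{2}', expected '{3}'" -f $d.Path, $d.Name, $current, $d.Value)
        continue
    }
    # Create the key only if absent; New-Item -Force on an existing key would clear it.
    if (-not (Test-Path $d.Path)) { New-Item -Path $d.Path -Force | Out-Null }
    New-ItemProperty -Path $d.Path -Name $d.Name -PropertyType $d.Type -Value $d.Value -Force | Out-Null
}

if ($drift -gt 0 -and -not $AuditOnly) {
    # Restart the Automatic Updates service so the client re-reads its policy.
    Restart-Service -Name wuauserv
}
Write-Output ("{0} value(s) differed from the desired SUS policy." -f $drift)
```

Run with -AuditOnly from a central tool to list clients whose WUServer does not match the approved SUS server before applying any change.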