Patch Management Patch Management in a Windows based environment Personal Solutions vs. Enterprise Solutions By Maurice Kirkmanbey System Administrator CISSP, MCSE/MCSA/MCITP 14 Jun 2008

Patch Management

Patch Management in a Windows based environment

Personal Solutions vs.

Enterprise Solutions

By Maurice Kirkmanbey

System Administrator

CISSP, MCSE/MCSA/MCITP

14 Jun 2008

Overview

The Windows Update service is an online resource that provides updates to the Windows operating system over time. As vulnerabilities are discovered and other weaknesses in the OS are exposed, patch management (PM), along with other protection strategies, is integrated into a defensive perimeter that protects the personal or enterprise network.

Objectives

Understand Patch Management in a personal/enterprise environment

Discuss Microsoft’s terminology

Design a personal solution for PM

Design an enterprise solution for PM

Demonstrate basic concepts and strategies in PM

PM Defined

Patch management maintains the OS while improving performance and stability and providing enhancements over the lifecycle of the operating system. Maintaining system integrity, availability and, when possible, accountability is essential for personal and enterprise computing. However, enterprise systems rely heavily on accountability and confidentiality as an integral part of their computing environment.

PM Strategy

PM is a foundation Strategy

Blaster worm released 26 days after Microsoft reported the vulnerability*

From Microsoft This Week:

MS08-030: Vulnerability in Bluetooth Stack Could Allow Remote Code Execution (951376)
- Rating: Critical
- Impact of Vulnerability: Remote Code Execution

MS08-031: Cumulative Security Update for Internet Explorer (950759)
- Rating: Critical
- Impact of Vulnerability: Remote Code Execution

*Source: Fontana, John. (2003). How to Handle Patch Management. Network World. Retrieved from the world wide web on 13 Jun 2008 from http://www.networkworld.com/research/2003/1201howtopatch.html?zb&rc=mgmt_patch

Defense in Depth

Defending your OS

Passive vs. active attacks

Denial of service

Privilege escalation

Versions of buffer overflow attacks

Remote code execution

Defense in Depth

PM alone will not defend against:
- A person who has physical access to a system in your home or office
- Establish covert communications channel authorized on the system
- Cyber terrorism
- Malicious code/Malware/Malicious Software
- Worms
- Viruses
- Buffer overflow attack
- Email vulnerability
- Spam definitions, junk mail options
- Default enabled functionality

Terminology

Security Updates

Critical Updates

Hot fixes

Service Packs

Considerations

Bandwidth Issues

Topology issues

Versioning control

Admin Tools

Windows Update (online)

WSUS (Enterprise Tool)

Microsoft Baseline Security Analyzer

The Online Windows Update

Access Windows Update

Scan, Select and download updates: Express or Custom

Follow Prompts to install updates

Configures the updates you install

Personal Patch management:

Configuring an individual computer: START > Control Panel > Automatic Updates

Four choices:
- Automatic (and Install): Frequency and Time
- Download updates, but let me choose when to install (auto restart may still occur)
- Notify me, but don’t automatically install
- Turn off automatic updates (not recommended)

BASE CONCEPT of PM

Windows Update

Windows Update

Windows Update

Windows Update

MS Redmond

Personal PM

Mid Day Administrator's Nightmare

Hmmmm……Email, Web server, Domain Controllers etc….

Enterprise Patch Management:

WSUS
- Central management (CONTROL)
- Incremental or full approval process
- Reduced bandwidth consumption
- Supported products isolation: i.e. W2K, WIN 2003/XP/Vista
- Selected languages
- Reporting tools and summarization
- Client deployment by groups, special needs
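
The four Automatic Updates choices on the "Personal Patch management" slide and the WSUS central control on the "Enterprise Patch Management" slide both end up as registry policy values on the client, so client auditing can read them back. The PowerShell below is an added example, not part of the original presentation; it assumes the standard Windows Update Group Policy registry keys, and the function names `Get-PolicyValue` and `Get-PatchPolicyReport` are hypothetical.

```powershell
# Added example (not from the slides): report which Automatic Updates choice
# a Windows client is under and whether it is pointed at a WSUS server.
# Assumption: settings are delivered through the Windows Update policy keys.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = Join-Path $wuKey 'AU'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

function Get-PatchPolicyReport {
    $noAuto    = Get-PolicyValue $auKey 'NoAutoUpdate'
    $auOptions = Get-PolicyValue $auKey 'AUOptions'
    $useWsus   = Get-PolicyValue $auKey 'UseWUServer'
    $wuServer  = Get-PolicyValue $wuKey 'WUServer'

    # Map the policy values onto the four choices from the slide.
    $choice = if ($noAuto -eq 1) {
        'Turn off automatic updates'
    } elseif ($null -eq $auOptions) {
        'No policy set; the local Control Panel setting applies'
    } else {
        switch ($auOptions) {
            2 { 'Notify me, but do not automatically install' }
            3 { 'Download updates, but let me choose when to install' }
            4 { 'Automatic (download and install on a schedule)' }
            default { "Other AUOptions value: $auOptions" }
        }
    }

    $source = 'Windows Update (online)'
    if ($useWsus -eq 1 -and $wuServer) { $source = $wuServer }

    # Findings a patch audit would flag for follow-up.
    $findings = @()
    if ($noAuto -eq 1) { $findings += 'Automatic updates are disabled' }
    if ($useWsus -eq 1 -and -not $wuServer) {
        $findings += 'UseWUServer is set but no WUServer URL is configured'
    }
    if ($useWsus -ne 1) { $findings += 'Not pointed at a WSUS server (expected on a personal machine)' }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME; UpdateChoice = $choice
        UpdateSource = $source; Findings = $findings -join '; '
    }
}

Get-PatchPolicyReport | Format-List
```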

WSUS in Action

Microsoft Updates

PM Enterprise Design

[Diagram labels: MS Redmond; WSUS servers LAWSUS, RDUWSUS, NYWSUS and ChicagoWSUS; client groups of 700, 25 and 500 clients]

Demo

Personal PM

Enterprise PM (WIN2003 SBS)

Summary

Patch management

Automated tools

Layered defense strategy

Centralized control

Client auditing

Information Assurance