
Patching Windows @ MIT


Page 1: Patching  Windows  @ MIT

Patching Windows @ MIT

SUS Services

IS&T Network Infrastructure Services Team

Page 2: Patching  Windows  @ MIT

Security Risk Management

Having a Strategic Security Program

Threat: A threat is any potential danger to information or systems.

Threat agent: A threat agent is the person or process attacking the network through a vulnerable port on the firewall, or a process used to access data in a way that violates your security policy.

Vulnerability: A vulnerability is a software, hardware, or procedural weakness that may provide an attacker or threat agent with an opportunity to enter a computer or network and gain unauthorized access to resources within the environment.

Risk: A risk is the likelihood of a threat agent taking advantage of a vulnerability. It is the potential for loss or the probability that a threat will exploit a vulnerability.

Exposure: An exposure occurs when a threat agent exposes a company asset to potential loss. A vulnerability can cause an organization to be exposed to possible damages.

Countermeasure: A countermeasure, or safeguard, mitigates a risk. Countermeasures include software configurations, hardware, or procedures that eliminate a vulnerability or reduce the risk of a threat agent being able to exploit a vulnerability. PROACTIVE!

Page 3: Patching  Windows  @ MIT

Microsoft Software Update Services (SUS)

The accelerating lifecycle of a security patch

Introduction to Software Update Services

Features/Components
– SUS Server
– Client

Page 4: Patching  Windows  @ MIT

The accelerating lifecycle of a security patch

Frequency between new vulnerabilities

Time the vendor has to release a patch

Time between publication and exploit code

Time for the Administrator or End User to patch

Number of products to patch

Page 5: Patching  Windows  @ MIT

Introduction to Software Update Services

Automate: Keep Windows up-to-date with the latest critical and security patches

Simplify: The patch management process - MBSA

Schedule Update times

Deploy: Reach clients that are not part of a Windows Domain

Page 6: Patching  Windows  @ MIT

Overview

Microsoft AutoUpdates vs. SUS

[Diagram labels: Windows Update, SUS server, updates, Sync Updates, Automatic Updates Client, Configured by Admin, Internet, Intranet]

Page 7: Patching  Windows  @ MIT

Features/Components

SERVER: SUS
– Automatic Updates on computers (desktops or servers)
– An internally-hosted Windows Update server
– An internally-controlled content synchronization service
– Administrator control over updates
– Multi-language support - Localized in 24 languages
– Digital signatures on downloaded content
– Server-side logging
– Log of client status

Page 8: Patching  Windows  @ MIT

Load balancing SUS at MIT

[Diagram labels: Microsoft's Windows Update, Sync, SUS, SUS, F5 (Big IP)]

Page 9: Patching  Windows  @ MIT

Features/Components (2)

CLIENT: Automatic Updates
– Installed on computers on the network
– Checks SUS server or public WU for updates regularly
– Auto-download and install updates under admin control
– Automatically download and install critical updates
– Consolidate multiple reboots into a single one
– Notify local administrator on the machine about pending updates
– Notify logged-on users about pending reboots
– Configured using Registry keys
– Supports Group Policy
– Downloads are done in the background using BITS technology

Page 10: Patching  Windows  @ MIT

MBSA

Free tool that scans for common security misconfigurations and missing security updates
– GUI and command-line interface (CLI)
– Perform security update portion of scan against local SUS server
  Scans for approved updates on SUS server instead of all available updates
– User interface: MBSA reads registry for SUS server information, or user manually enters it
– CMD LINE mbsacli.exe /sus http://mysusserver

Page 11: Patching  Windows  @ MIT

Client Configuration

– With Active Directory (using Group Policy)
  ADM file – WUAU.adm
  Client behavior and SUS server selection can be configured
– Without Active Directory (but central tool)
  Script to deploy the registry policy keys

Website Demo: http://web.mit.edu/ist/topics/windows/updates
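
The "script to deploy the registry policy keys" case for clients outside Active Directory, as an added example (not MIT's script and not part of the original slides): it writes the Automatic Updates policy values for server selection and client behavior, then reads them back. The server URL is the placeholder from the MBSA slide, and the parameter names and default schedule are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example, not MIT's deployment script: writes the Automatic Updates
# policy values that point a non-domain client at an internal SUS server.
param(
    # Placeholder URL taken from the MBSA slide; replace with the real SUS server.
    [string]$SusServer = 'http://mysusserver',
    [ValidateRange(2, 4)][int]$AUOptions = 4,    # 2 notify, 3 download then notify, 4 scheduled install
    [ValidateRange(0, 7)][int]$InstallDay = 0,   # 0 every day, 1-7 Sunday-Saturday
    [ValidateRange(0, 23)][int]$InstallHour = 3  # local hour, 24h clock
)

$wu = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$au = "$wu\AU"
foreach ($key in $wu, $au) {
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
}

# Server selection: update source and status-reporting target.
foreach ($name in 'WUServer', 'WUStatusServer') {
    New-ItemProperty -Path $wu -Name $name -Value $SusServer -PropertyType String -Force | Out-Null
}

# Client behavior.
$settings = [ordered]@{
    UseWUServer          = 1   # use the server named in WUServer, not public Windows Update
    NoAutoUpdate         = 0   # keep Automatic Updates enabled
    AUOptions            = $AUOptions
    ScheduledInstallDay  = $InstallDay
    ScheduledInstallTime = $InstallHour
}
foreach ($name in $settings.Keys) {
    New-ItemProperty -Path $au -Name $name -Value $settings[$name] -PropertyType DWord -Force | Out-Null
}

# Read back and fail loudly if any value did not land.
$actual = Get-ItemProperty -Path $au
$bad = @($settings.Keys | Where-Object { $actual.$_ -ne $settings[$_] })
if ((Get-ItemProperty -Path $wu).WUServer -ne $SusServer) { $bad += 'WUServer' }
if ($bad) { throw "Policy values not applied: $($bad -join ', ')" }
'Automatic Updates now points at {0}' -f $SusServer
```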