Rob Davidson, Partner Technology Specialist, Microsoft Management Servers: Using management to stay secure

Page 1

Page 2

Agenda

- Using Management Tools to Help with Security
- SMS Patch Management (Client, Server): what partners can do to help customers
- MOM: monitoring your network's security; what partners can do to help
- Summary / Q&A

Page 3

Page 4

Microsoft IT SMS 2003 Core Usage Scenarios

- Asset management
- Patch management
- Software distribution
- Software metering
- Security patches
- File collection
- Targeted deployments

Page 5

Patch Management Framework

The framework is a cycle of four phases: 1. Assess, 2. Identify, 3. Evaluate & Plan, 4. Deploy, and then back to Assess.

1. Assess Environment to be Patched

Periodic tasks:
A. Create/maintain baseline of systems
B. Assess patch management architecture (is it fit for purpose)
C. Review infrastructure/configuration

Ongoing tasks:
A. Discover assets
B. Inventory clients

2. Identify New Patches

Tasks:
A. Identify new patches
B. Determine patch relevance (includes threat assessment)
C. Verify patch authenticity & integrity (no virus: installs on isolated system)

3. Evaluate & Plan Patch Deployment

Tasks:
A. Complete patch acceptance testing
B. Obtain approval to deploy patch
C. Perform risk assessment
D. Plan patch release process

4. Deploy the Patch

Tasks:
A. Distribute and install patch
B. Report on progress
C. Handle exceptions
D. Review deployment

Page 6

Desktop Patch Management

Page 7

Desktop Patch Management

- Overview
- Benefits of SMS 2003 patch management
- Best practices

Page 8

Benefits of Using SMS Patch Management

- Proactive monthly patching and compliance process
  - Catch security issues before they affect productivity
  - Minimize the cost of alternate compliance processes
- Packaging is automated
  - No custom scripting and testing
  - Faster time to market
- Centralized patch and compliance method
  - Used across the company
- Leverage existing resources
  - Uses SMS server infrastructure
  - Uses SMS administrators

Page 9

Microsoft IT Multiple-Prong Approach: Managed and Unmanaged Environment

[Figure: Emergency client patch timeline. Time points shown on the axis: Wed 10:00 AM, Thurs 5:00 AM, Fri 2:00 PM, 5:00 PM. "Vulnerable Clients" percentages shown along the timeline: 12%, 30%, 6%, 5%, 3%.]

Methods, listed from low client impact to high client impact:
- Windows Update (Optional)
- Email & ITWeb Notification (Optional)
- SMS Patch Management (Voluntary > Forced)
- Logon Script (Forced)
- Internal Scanning Tool (Forced)
- Port Shutdowns

Page 10

Best Practices to Enhance Patch Management

Great technology, great processes, great people

- SMS Client Health Management Plan
  - Manage using a scorecard
  - Investigate by collecting client logs
  - Repair through logon script logic
- SMS Client Coverage Management Plan
  - Boundary management
  - Client count trending
- SMS Infrastructure Management Plan
  - MOM Management Pack for SMS

Page 11

Server Patch Management

Page 12

Servers…

- Target key servers: not all servers need all patches. A server that will not run IIS may not need to have IIS patches applied…
- Know when a reboot is required (plan it)
- Backup / recovery plan (have it ready)
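The framework on the earlier "Patch Management Framework" slide and the "not all servers need all patches" point above can be tied together in code. The following is an added example, not code from the presentation or from SMS 2003: it verifies a package digest before staging (step 2C), decides relevance from the roles a host runs (step 2B, the IIS case above), picks deployment targets (step 4A) and produces the vulnerable-clients scorecard used to report progress (steps 4B/4D). All host names, roles, patch identifiers and package bytes are constructed for the demo.

```python
import hashlib
from dataclasses import dataclass, field

# Everything below is constructed sample data for illustration; the host
# names, roles, patch identifiers and package bytes are hypothetical and
# are not taken from the presentation or from SMS 2003 itself.


@dataclass(frozen=True)
class Patch:
    patch_id: str          # placeholder identifier, not a real bulletin/KB number
    component: str         # component the fix applies to ("OS" means every host)
    expected_sha256: str   # digest obtained out of band from the vendor channel


@dataclass
class Host:
    name: str
    roles: frozenset                             # components the host actually runs
    installed: set = field(default_factory=set)  # patch_ids already applied


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_patch_integrity(package: bytes, patch: Patch) -> bool:
    """Step 2C: stage a package only if its digest matches the published value."""
    return sha256_hex(package) == patch.expected_sha256


def patch_is_relevant(patch: Patch, host: Host) -> bool:
    """Step 2B and 'target key servers': an IIS patch is irrelevant to a host
    that does not run IIS, so it is neither deployed nor counted against it."""
    return patch.component == "OS" or patch.component in host.roles


def deployment_targets(patch: Patch, hosts: list) -> list:
    """Step 4A: hosts that need the patch and do not yet have it."""
    return sorted(h.name for h in hosts
                  if patch_is_relevant(patch, h) and patch.patch_id not in h.installed)


def compliance_scorecard(catalog: list, hosts: list) -> dict:
    """Steps 4B/4D scorecard: share of relevant hosts still missing each patch,
    i.e. the 'vulnerable clients' percentage tracked during a rollout."""
    card = {}
    for patch in catalog:
        relevant = [h for h in hosts if patch_is_relevant(patch, h)]
        missing = deployment_targets(patch, hosts)
        pct = round(100.0 * len(missing) / len(relevant), 1) if relevant else 0.0
        card[patch.patch_id] = {"relevant": len(relevant),
                                "missing": len(missing),
                                "vulnerable_pct": pct}
    return card


# Constructed package bytes and catalog (digests computed here for the demo).
OS_PACKAGE = b"constructed OS patch payload"
IIS_PACKAGE = b"constructed IIS patch payload"
CATALOG = [
    Patch("PATCH-OS-001", "OS", sha256_hex(OS_PACKAGE)),
    Patch("PATCH-IIS-002", "IIS", sha256_hex(IIS_PACKAGE)),
]

# Constructed inventory (step 1B): what each host runs and what it already has.
HOSTS = [
    Host("web01", frozenset({"IIS"}), {"PATCH-OS-001"}),
    Host("web02", frozenset({"IIS"})),
    Host("sql01", frozenset({"SQL"}), {"PATCH-OS-001"}),
    Host("file01", frozenset()),
]

if __name__ == "__main__":
    for patch, package in zip(CATALOG, (OS_PACKAGE, IIS_PACKAGE)):
        print(patch.patch_id, "integrity ok:", verify_patch_integrity(package, patch),
              "targets:", deployment_targets(patch, HOSTS))
    print(compliance_scorecard(CATALOG, HOSTS))
```

Relevance is decided from the inventory rather than from the host name, which is why the inventory step has to run before the identify step: a host whose roles are unknown is treated as if it runs nothing, and would silently drop out of the IIS scorecard, so in practice a missing or stale inventory entry should itself be flagged.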

Page 13

Partner Opportunities

- Security is the #1 priority
- Executive support is critical
- The process is just as critical as the implementation of the technology
- Security assessments
- "What if?" planning and recovery
- HW and SW inventory frequency increased for patch compliance reporting
- Scalable solution (start small and grow)
- Assistance with MSUS – SMS choices

Page 14

Page 15

MOM and Security Management

[Figure: security layers, as listed on the slide: Policies, Procedures & Awareness; Physical Security; Internal Network; Perimeter; Host; Application; Data.]

- MOM 2005 is a platform
- Monitoring vs. Administration
- MOM
  - Management Packs
  - Operational Data

Page 16

MOM 2005 Security Features

- Secure by default
- Role-based security
- Channel security
- Support for more firewall scenarios
- More…

Page 17

More Security Features

- MBSA Management Pack
  - Scans for common security misconfigurations
  - Needs admin-level privileges
- Task execution "auditing"
  - What task was run
  - When it was run
  - By which user
  - Against which computers
  - Whether or not it was successful
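The five attributes the slide lists for task auditing (what, when, who, against which computer, success or failure) are only useful if someone reviews them. The following is an added example, not code from the presentation or from MOM 2005, of the review a defender would run over such a trail: it parses a constructed, hypothetical key=value record layout (not MOM's own audit format), counts executions per account, lists failures, and flags executions by accounts outside an approved set or outside an agreed change window. The account names, computer names, task names and the change window are all constructed.

```python
import re
from collections import Counter
from datetime import datetime, time, timezone

# Constructed sample audit records. This flat key=value layout is hypothetical
# (it is NOT MOM 2005's own task-audit format); it only carries the five
# attributes the slide lists: what ran, when, who ran it, against which
# computer, and whether it succeeded. The last line is deliberately malformed.
SAMPLE_AUDIT = """\
2004-06-15T02:14:09Z task="Restart Service" user=CONTOSO\\ops1 target=web01 result=success
2004-06-15T02:15:31Z task="Restart Service" user=CONTOSO\\ops1 target=web02 result=failure
2004-06-15T13:02:44Z task="Run MBSA Scan" user=CONTOSO\\secops target=sql01 result=success
2004-06-15T13:03:10Z task="Run MBSA Scan" user=CONTOSO\\secops target=file01 result=success
2004-06-15T23:41:05Z task="Clear Event Log" user=CONTOSO\\tempadmin target=sql01 result=success
this line is deliberately malformed and must be skipped
"""

# Accounts approved to run tasks and the agreed change window (both constructed).
APPROVED_USERS = {"CONTOSO\\ops1", "CONTOSO\\secops"}
CHANGE_WINDOW = (time(8, 0), time(18, 0))   # UTC, start inclusive, end exclusive

LINE_RE = re.compile(
    r'^(?P<when>\S+) task="(?P<task>[^"]+)" user=(?P<user>\S+) '
    r'target=(?P<target>\S+) result=(?P<result>success|failure)$'
)


def parse_audit(text: str) -> list:
    """Turn raw lines into records; malformed lines are dropped, not guessed at."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["when"] = datetime.strptime(rec["when"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        rec["success"] = rec.pop("result") == "success"
        records.append(rec)
    return records


def tasks_by_user(records: list) -> Counter:
    """'By which user': how many task executions each account is responsible for."""
    return Counter(r["user"] for r in records)


def failed_tasks(records: list) -> list:
    """'Whether or not it was successful': (task, target) pairs that failed."""
    return [(r["task"], r["target"]) for r in records if not r["success"]]


def review_findings(records: list, approved_users: set, window: tuple = CHANGE_WINDOW) -> list:
    """Review the audit trail: flag executions by accounts outside the approved
    set, executions outside the change window, and failures. Returns
    (user, task, target, reasons) tuples in log order, one per flagged record."""
    findings = []
    for r in records:
        reasons = []
        if r["user"] not in approved_users:
            reasons.append("unapproved user")
        if not (window[0] <= r["when"].time() < window[1]):
            reasons.append("outside change window")
        if not r["success"]:
            reasons.append("task failed")
        if reasons:
            findings.append((r["user"], r["task"], r["target"], tuple(reasons)))
    return findings


if __name__ == "__main__":
    recs = parse_audit(SAMPLE_AUDIT)
    print("executions per user:", dict(tasks_by_user(recs)))
    print("failures:", failed_tasks(recs))
    for user, task, target, reasons in review_findings(recs, APPROVED_USERS):
        print(f"{user} ran '{task}' against {target}: {', '.join(reasons)}")
```

The review deliberately keeps each reason separate rather than collapsing them into one severity: a failed restart inside the window by an approved operator is an operations question, while a log-clearing task run at night by an account nobody approved is the kind of record the "who, what, when" auditing on the next slide exists to surface.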

Page 18

Partner Opportunities

- MOM install configuration
- Security auditing: who, what, when
- Analysis
- Well managed is secure

Page 19

Resources

http://www.microsoft.com/security
http://www.microsoft.com/sms
http://www.microsoft.com/mom

Page 20

© 2004 Microsoft Corporation. All rights reserved.

This whitepaper presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, SharePoint, Windows, and Windows Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.