Software Updating: Hitting the Mark

Similar documents
Defense-in-Depth Against Malicious Software. Speaker name Title Group Microsoft Corporation

ADMINISTERING SYSTEM CENTER CONFIGURATION MANAGER

Administering System Center Configuration Manager

Administering System Center 2012 Configuration Manager

Administering System Center Configuration Manager

Administering System Center Configuration Manager

A: Administering System Center Configuration Manager

Course A: Administering System Center Configuration Manager

Administering System Center 2012 Configuration Manager

"Charting the Course... MOC A: Administering System Center Configuration Manager. Course Summary

Duration Level Technology Delivery Method Training Credits. System Center Configuration Manager

Administering System Center Configuration Manager ( A)

Microsoft Administering System Center Configuration Manager

Administering System Center 2012 Configuration Manager (10747D)

System Center Course Administering System Center Configuration Manager. Length. Audience. 5 days

Ensuring Desktop Central Compliance to Payment Card Industry (PCI) Data Security Standard

ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER

External Supplier Control Obligations. Cyber Security

Administering System Center Configuration Manager ( )

10747D: ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER

10747D: Administering System Center 2012 Configuration Manager

Administering System Center Configuration Manager

A: Administering System Center Configuration Manager

Administering System Center Configuration Manager and Intune

Administering System Center Configuration Manager

During security audits, over 15,000 vulnerability assessments are made, scanning the network IP by IP.

The SANS Institute Top 20 Critical Security Controls. Compliance Guide

: 20696C: Administering System Center Configuration Manager and Intune

PowerShell for System Center Configuration Manager Administrators

"Charting the Course to Your Success!" MOC D Administering System Center 2012 Configuration Manager. Course Summary

Nebraska CERT Conference

Administrering System Center 2012 Configuration Manager vd

CyberArk Privileged Threat Analytics

Course 10747D: Administering System Center 2012 Configuration Manager Exam Code:

Administering System Center Configuration Manager and Intune

Administering System Center Configuration Manager and Intune

RSA Solution Brief. The RSA Solution for VMware. Key Manager RSA. RSA Solution Brief

Vulnerability Management Policy

M20696 Administering System Center Configuration Manager and Intune

90% 191 Security Best Practices. Blades. 52 Regulatory Requirements. Compliance Report PCI DSS 2.0. related to this regulation

Course 20416B: Implementing Desktop Application Environments Page 1 of 7

NERC CIP VERSION 6 BACKGROUND COMPLIANCE HIGHLIGHTS

NE Administering System Center Configuration Manager and Intune

CS 356 Operating System Security. Fall 2013

Microsoft SDL 한국마이크로소프트보안프로그램매니저김홍석부장. Security Development Lifecycle and Building Secure Applications

the SWIFT Customer Security

PCI DSS v3.2 Mapping 1.4. Kaspersky Endpoint Security. Kaspersky Enterprise Cybersecurity

Implementing Desktop Application Environments

Security Assessment. Prepared For: Prospect Or Customer Prepared By: Your Company Name

GFI product comparison: GFI LanGuard 12 vs Microsoft Windows Intune (February 2015 Release)

MOC ADMINISTERING SYSTEM CENTER 2012 CONFIGURATION MANAGER

The Common Controls Framework BY ADOBE

Host Hardening Achieve or Avoid. Nilesh Kapoor Auckland 2016

Transforming Security from Defense in Depth to Comprehensive Security Assurance

Privilege Security & Next-Generation Technology. Morey J. Haber Chief Technology Officer

Cybersecurity: Considerations for Internal Audit. Gina Gondron Senior Manager Frazier & Deeter Geek Week August 10, 2016

Meeting PCI DSS 3.2 Compliance with RiskSense Solutions

Defense in Depth Security in the Enterprise

K12 Cybersecurity Roadmap

Security Challenges: Integrating Apple Computers into Windows Environments

Automating the Top 20 CIS Critical Security Controls

20416B: Implementing Desktop Application Environments

Changing face of endpoint security

Vulnerability Management

Administer System Center Configuration Manager for Desktop Support

Leading the Way. in Managed Services

Securing Today s Mobile Workforce

MS-20696: Managing Enterprise Devices and Apps using System Center Configuration Manager

Reviewer s guide. PureMessage for Windows/Exchange Product tour

CipherCloud CASB+ Connector for ServiceNow

ISO COMPLIANCE GUIDE. How Rapid7 Can Help You Achieve Compliance with ISO 27002

10 FOCUS AREAS FOR BREACH PREVENTION

Mobility, Security Concerns, and Avoidance

align security instill confidence

Plant Security Services Protecting productivity in the digital era October

Internet Scanner 7.0 Service Pack 2 Frequently Asked Questions

Reinvent Your 2013 Security Management Strategy

NOTHING IS WHAT IT SIEMs: COVER PAGE. Simpler Way to Effective Threat Management TEMPLATE. Dan Pitman Principal Security Architect

Protect your apps and your customers against application layer attacks

MOC 20416B: Implementing Desktop Application Environments

Comodo Endpoint Security Manager Professional Edition Software Version 3.3

What are PCI DSS? PCI DSS = Payment Card Industry Data Security Standards

Managing and Maintaining a Microsoft Windows Server 2003 Environment

T22 - Industrial Control System Security

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

CA Security Management

How NOT To Get Hacked

A Practical Approach to Implement a Risk Based ISMS

Mitigation Controls on. 13-Dec-16 1

What is Penetration Testing?

AUTHORITY FOR ELECTRICITY REGULATION

Digital Forensics Readiness PREPARE BEFORE AN INCIDENT HAPPENS

Joint System Administrator Checklist Version December 2005

ClearPath OS 2200 System LAN Security Overview. White paper

Exam Questions

Windows 7 Deployment Key Milestones

HIPAA RISK ADVISOR SAMPLE REPORT

DHG presenter. August 17, Addressing the Evolving Cybersecurity Landscape. DHG Birmingham CPE Seminar 1

Monthly Security Bulletin Briefing

This section of the release notes is reserved for notable changes and new features since the prior version.

Transcription:

Software Updating: Hitting the Mark Ravi Sankar Technology Evangelist Microsoft Corporation ravi.sankar@microsoft.com

Agenda Update Management Overview Update Management Process Update Management Tools

The Business Case While determining the financial impact of poor update management consider the following Downtime Remediation time Data integrity Lost credibility with customers and partners Negative public relations Legal defenses Stolen Intellectual Property

Understanding the Vulnerability Timeline Most Attacks occur here Product Shipped Vulnerability Discovered Vulnerability Disclosed Update Made Available Update Deployed Malware Attack (Year) Nimda (2000) 336 SQLP (2002) 185 Days between update and exploit Days between update and exploit have decreased MSBLAST(2003) 26 SASSER(2004) 17 ZOTOB(2005) 5

Agenda Update Management Overview Update Management Process Update Management Tools

Requirements for Successful Update Management Project management, four-phase update management process Effective Processes People who understand their roles and responsibilities Tools and Technologies Effective Operations Products, tools, automation

Update Management Process Assess 12 34 Assess Identify Evaluate Deploy and Plan Inventory computing assets Assess threats and vulnerabilities Inventory Discover Determine Prepare for computing new whether deployment updates the assets Assess Determine update Deploy threats is the actually whether update and required to updates vulnerabilities are Plan targeted relevant the release computers to your of the Determine environment update Review the the deployment best source 1 for Assess information Obtain Build the update, release about confirm new it is updates safe Perform acceptance testing Assess Determine your if software update is a distribution normal change infrastructure or an Deploy emergency 4 Assess operational effectiveness Determine the best source for information about new updates Assess your software distribution infrastructure Assess operational effectiveness Deploy Prepare for deployment Deploy the update to targeted computers Review the deployment Identify Discover new updates Determine whether updates are relevant to your environment Obtain update, confirm it is safe Determine if update is a normal change or an emergency 2 Identify Evaluate and Plan 1 Assess 3 4 Deploy Evaluate and Plan 2 Identify Determine whether the update is actually required Plan the release of the update Build the release Perform acceptance testing 3 Evaluate and Plan

Choosing an Update Management Solution Customer type Scenario Solution Consumer All scenarios Microsoft Update Small organization Medium-sized or large enterprise Has no Windows servers Has one to three Windows 2000 or newer servers and one IT administrator Wants an update management solution with basic control to update Windows 2000 and newer versions of Windows Wants a single flexible update management solution with extended level of control to update and distribute all software Microsoft Update MBSA and WSUS MBSA and WSUS System Center Configuration Manager

Update Management Solution for Consumers and Small Organizations Update management solution based on Protect Your PC: 1. Use an Internet firewall 2. Get computer updates from Microsoft Update 3. Use up-to-date antivirus software 4. Deploy Windows XP SP 2 5. See the Protect Your PC page on the Microsoft Security at Home Web site

MBSA Benefits Scans systems for: Missing security updates Potential configuration issues Works with a broad range of Microsoft software Allows an administrator to centrally scan multiple computers simultaneously MBSA is a free tool, and can be downloaded from the Microsoft Baseline Security Analyzer page on the Microsoft TechNet Web site

MBSA Considerations MBSA reports important security issues: Password weaknesses Guest account not disabled Auditing not configured Unnecessary services installed IIS security issues Internet Explorer zone settings Automatic Updates configuration Windows firewall configuration

MBSA How It Works Windows Download Center WSUSScan.cab MBSA Computer

MBSA Scan Options MBSA has two scan options: MBSA graphical user interface (GUI) MBSA standard command-line interface (mbsacli.exe) When scanning for security updates, you can configure MBSA to: Update the Microsoft Update Agent on all scanned computers Use a WSUS server as the update source Use Microsoft Update as the update source Now you can Integrate it with new MBSA Visio Connector

Windows Server Update Services (WSUS) Benefits Gives administrators control over update management Administrators can review, test, and approve updates before deployment Simplifies and automates key aspects of the update management process Can be used with Group Policy, but Group Policy is not required to use WSUS Easy to implement Free tool from Microsoft

WSUS How It Works Microsoft Update Firewall Pilot Computers Group WSUS Server Client Computers Group WSUS Administrator Windows Servers Group

WSUS Deployment Scenarios Microsoft Update Firewall Independent WSUS Server Regional Client Computers Main Office WSUS Server Disconnected WSUS Server Remote Office Client Computers Replica WSUS Server Main Office Client Computers

WSUS Client Component The client component of WSUS is Automatic Updates Can be configured to pull updates either from corporate WSUS server or from Microsoft Update Three ways to configure Automatic Updates: Centrally, by using Group Policy Manually configure clients Use scripts to configure clients

WSUS Server Component The server component of WSUS is Windows Server Update Services Can synchronize updates from Microsoft Update on a schedule Provides a Web-based administrative GUI Has several built-in default security features Provides synchronization and update reports Uses MSDE or SQL Server database to store update metadata, events, and settings Interface is localized in 17 languages

How to Use WSUS On the WSUS server: 1 Administer the WSUS server at http://<server name>/wsusadmin 2 3 4 Configure the WSUS server synchronization schedule and settings Create client computer groups and assign computers Review, test, and approve updates On each WSUS client: Configure Automatic Updates on the client to use the WSUS server

Systems Management Server Benefits For a full software distribution update management solution, use: System Management Server 2003 or System Center Configuration Manager 2007 Benefits of using System Management Server: Gives administrators comprehensive control over update management Automates key aspects of update management Can update a broad range of Microsoft products Can be used to update third-party software and install other software updates or applications

Systems Management Server How It Works Microsoft Update Firewall System Management Server Distribution Point System Management Server Clients System Management Server Distribution Point System Management Server Site Server System Management Server Clients System Management Server Clients

Best Practices for Update Management Implement a good update management process Choose a update management solution that meets your organization s needs Subscribe to the Microsoft Security Notification Service Make use of Microsoft guidance and resources Keep your systems up to date

Session Summary Implementing security updates promptly is a critical component in a security management plan Update management needs to follow your standard network management processes For small and medium-sized business, MBSA and WSUS together provide an excellent update management solution

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback