1 / 16

Managed Host Security – Patch Management

Managed Host Security – Patch Management.   BigFix Deployment April-September 2004 Jay Stamps, ITSS Turing Auditorium, May 21, 2004. Why Here? Why Now?. Because Stanford wants to protect its information resources and continue to enjoy an open, academic network Three-pronged approach:

cece
Download Presentation

Managed Host Security – Patch Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Managed Host Security –Patch Management BigFix Deployment April-September 2004 Jay Stamps, ITSS Turing Auditorium, May 21, 2004

  2. Why Here? Why Now? • Because Stanford wants to protect its information resourcesandcontinue to enjoy an open, academic network • Three-pronged approach: • Patch Management • Configuration Management • Controlled Network Access • Clear that this approach requires active management of networked resources

  3. Who’s Involved? • Executive Buy-In • Internal Audit • CFO • System Governance Group • C-ACIS • Academic Senate • President/Provost • Campus-Wide Working Group • Computer Science • Earth Sciences • Graduate School of Business • Internal Audit • ITSS • Medical School • Residential Computing

  4. Patch Management • A tool / service designed to manage the application of patches to hosts • Components • An agent on each desktop and laptop computer • A server with all relevant patches & history • One or more consoles to manage / monitor the process • Relay servers to spread the patch distribution load • Basic process • Server provides new vulnerability information • Agent signals if its host needs remediation • Administrator releases patch to selected hosts

  5. Patch Management (continued) • The BigFix Enterprise Suite (BES) Internet

  6. Patching Procedures and Process • Routine: Non-security patch • Handled locally • As it is handled today or • Use patch management tool locally • Routine: Security patch No known exploits • Patch tested centrally and • Patch tested locally • Patch released after brief wait • High-risk security patch Exploits known to exist • CISO and CIO determine the rollout timeline

  7. Centrally Tested Platforms • NT 4.0 Workstation SP 6a • Windows 2000 Professional SP 4 • 2003 Server, desktop configuration • Windows XP Home SP 1 • Windows XP Pro, SP 1 • Windows ME • Windows 98 SE • Newly available critical patches will be tested on these platforms with the latest Service Packs and ESS applications installed

  8. Retrieved Properties • Computer Name • IP Address • MAC Address • OS • OS Language Version • CPU • Last Report Time • Subscription Time • Locked • Username • Blank Password Check • Free Space on System Drive • Lock Expiration • Total Size of System Drive • DNS Name • BES Relay Selection Method • Office Version • RAM • Norton AntiVirus Service Status • Norton AntiVirus DAT version • PC-Leland Version • Relay • Computer Type • PC-AFS Version • BES Relay Service Installed • BRIO Plug-in Installed • BIOS • Domain/Workgroup • Active Directory Path • Web Browser • Client Administrators • Client Settings • SU Group • SU Subgroup

  9. Managing Patch Management • Top-down and hierarchical • To provide for testing of patches • To provide for managed patch deployment • Campus divided by groups • Groups may have management sub-groups • Administrators for each group can see and manage only PCs in their own group • Each group can lock individual machines • Self-managed machines • Not part of any group

  10. Managing Patch Managementcontinued)

  11. Web Reports Total issues by Fixlet severity Issues remediated by Fixlet severity

  12. Web Reports (cont) Computers in the network with the BigFix agent, reported over time Computer vulnerability breakdown by severity Top 10 Issues identified on the computers in the network

  13. Web Report Progress Report Remediation progress report updates in near real-time as actions are being executed across the enterprise

  14. Deployment Plan • Meeting with all organizations • Administrative contacts • Technical contacts • Discussing roll-out roadmaps • Selecting target date

  15. Deployment Details • Local relays: ~ one per 500 – 1000 clients • SUGroup • Remote deployment tool • Wrapped agent installer • www.stanford.edu/dept/itss/services/bigfix/index.html • Ferret tool • Console Operators • Selection & training

  16. What’s Next? • Questions? • www.stanford.edu/dept/itss/services/bigfix/bigfix-faq.html • Added to email list • Follow up and meeting notes summary • Target date

More Related