Patch Management in the Enterprise
Paula Kiernan, Senior Consultant, Ward Solutions
Session Overview
• The Vulnerability Timeline
• Choosing an Update Management Solution
• Windows Software Update Services
• SMS Software Update Services
Understanding the Vulnerability Timeline
[Timeline diagram: Product shipped → Vulnerability discovered → Vulnerability disclosed → Update made available → Update deployed by customer. Callout on the timeline: "Most attacks occur here"]
Understanding the Exploit Timeline
[Timeline diagram: Product shipped → Vulnerability discovered → Vulnerability disclosed → Update made available → Update deployed by customer. Marker on the timeline: "Exploit"]
• Days between update and exploit have decreased
Successful Patch Management
• Processes: consistent and repeatable
• People: skills, roles, and responsibilities
• Technology: products, tools, and automation
The Benefits of Software Update Services
• Gives administrators basic control over update management
• Administrators can review, test, and approve updates before deployment
• Simplifies and automates key aspects of the update management process
• Can be used with Group Policy, but Group Policy is not required to use SUS
• Easy to implement
• Free tool from Microsoft
SUS—How It Works
[Diagram labels: Internet; Windows Update; Parent SUS server; Child SUS server; Client computers]
• Client computers use Automatic Updates
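Pointing a client's Automatic Updates at an internal SUS server does not need Group Policy, because the client reads the same settings from policy registry values. The script below is an added example, not part of the original slides: it writes those values and reads them back. The server URL is a placeholder and the two function names are hypothetical.

```powershell
# Added example, not from the slides. Run elevated on the client.
# Function names are hypothetical; the SUS URL is a placeholder.
$WuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$AuKey = Join-Path $WuKey 'AU'

function Set-SusClientPolicy {
    param(
        [Parameter(Mandatory = $true)][string]$SusUrl,
        [ValidateRange(2, 4)][int]$AuOption = 4,     # 2 notify, 3 download and notify, 4 scheduled install
        [ValidateRange(0, 7)][int]$InstallDay = 0,   # 0 every day, 1-7 Sunday to Saturday
        [ValidateRange(0, 23)][int]$InstallHour = 3  # local hour of day
    )
    foreach ($key in $WuKey, $AuKey) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    # Update source and status reporting both go to the internal server.
    Set-ItemProperty -Path $WuKey -Name WUServer       -Value $SusUrl -Type String
    Set-ItemProperty -Path $WuKey -Name WUStatusServer -Value $SusUrl -Type String
    Set-ItemProperty -Path $AuKey -Name UseWUServer          -Value 1 -Type DWord
    Set-ItemProperty -Path $AuKey -Name NoAutoUpdate         -Value 0 -Type DWord
    Set-ItemProperty -Path $AuKey -Name AUOptions            -Value $AuOption -Type DWord
    Set-ItemProperty -Path $AuKey -Name ScheduledInstallDay  -Value $InstallDay -Type DWord
    Set-ItemProperty -Path $AuKey -Name ScheduledInstallTime -Value $InstallHour -Type DWord
    Restart-Service -Name wuauserv   # Automatic Updates service picks up the new policy
}

function Get-SusClientPolicy {
    param([Parameter(Mandatory = $true)][string]$ExpectedUrl)
    # Missing keys yield $null properties, which the comparison reports as not compliant.
    $wu = Get-ItemProperty -Path $WuKey -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path $AuKey -ErrorAction SilentlyContinue
    [pscustomobject]@{
        WUServer       = $wu.WUServer
        WUStatusServer = $wu.WUStatusServer
        UseWUServer    = $au.UseWUServer
        AUOptions      = $au.AUOptions
        PointsAtSus    = ($wu.WUServer -eq $ExpectedUrl) -and
                         ($wu.WUStatusServer -eq $ExpectedUrl) -and
                         ($au.UseWUServer -eq 1)
    }
}

$url = 'http://sus-server.example.internal'   # placeholder, replace with your SUS server
Set-SusClientPolicy -SusUrl $url
Get-SusClientPolicy -ExpectedUrl $url
```

Running only `Get-SusClientPolicy` across machines gives a quick audit of which clients are not pointed at the approved update server.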
Software Update Management with SMS
• Built in to SMS 2003
  - Need to download the inventory tools
  - Security Update Inventory Tool
  - Office Inventory Tool
• Feature pack add-on for SMS 2.0
SMS for Deploying Software Updates – Benefits
• Gives administrators control over patch management
• Staging and testing of updates before installation
• Fine-grained control of patch management options
• Automates key aspects of the patch management process
• Can update a broad range of Microsoft products
• Can also be used to update third-party software and deploy and install any software update or application
• High level of flexibility via use of scripting
SMS Software Updates – How It Works
[Diagram labels: Microsoft Download Center; Firewall; SMS Site Server; SMS Distribution Point; SMS Clients]
• Setup: Download Security Update Inventory and Office Inventory Tools; run inventory tool installer
• Scan components replicate to SMS clients
• Clients scanned; scan results merged into SMS hardware inventory data
• Administrator uses Distribute Software Updates Wizard to authorize updates
• Update files downloaded; packages, programs, and advertisements created/updated; packages replicated and programs advertised to SMS clients
• Software Update Installation Agent on clients deploys updates
• Periodically: Sync component checks for new updates, scans clients, and deploys necessary updates
Installing Software Update Inventory Tools
• Open the SMS Administrator Console
• Expand the site database
• Select Download Software Update Inventory Tools option
• Follow the wizard to download and install the tools
• Specify the Test Collection details
• Set the synchronization schedule
• Packages and advertisements created to push scanning tools to clients
• Wait for Hardware Inventory cycle on clients to run the scanning tools
How to Use SMS to Deploy Patches
• Open the SMS Administrator Console
• Expand the site database
• Right-click collection/update and select All Tasks > Distribute Software Updates
• Create a new package and program
• Browse to the patch to be deployed
• Configure options for how and when the patch should be deployed on the client
• Monitor deployment status
SMS Considerations
• Limitations in detection capabilities are the same as those for MBSA and Office Inventory Tool
• Command-line syntax for unattended installation of each update needs to be configured
• Microsoft Office patches require extraction to edit a settings file for unattended installation
• International updates must be obtained manually (Web page)
• Hardware Inventory cycle must run at least once on a client after setting up Software Updates before you can deploy an update to that client
Session Summary
✓ Have a Patch Management strategy!!!
✓ Use an update management solution that meets your requirements
✓ Take advantage of the free software supplied by Microsoft
✓ Subscribe to the security notification service
✓ For granular control and detailed reporting use SMS for update management
✓ Keep your systems up-to-date
Next Steps
• Find additional security training events: http://www.microsoft.com/ireland/security.mspx
• Sign up for security communications: http://www.microsoft.com/technet/security/signup/default.mspx
• Order the Security Guidance Kit: http://www.microsoft.com/security/guidance/order/default.mspx
• Get additional security tools and content: http://www.microsoft.com/security/guidance
Contact Details
Paula Kiernan, Ward Solutions
paula.kiernan@ward.ie
www.ward.ie