Patch Management in the Enterprise - PowerPoint PPT Presentation

1 / 19
About This Presentation
Title:

Patch Management in the Enterprise

Description:

... update and exploit have decreased. 14. Sasser. 25. Blaster. 151. Welchia/Nachi. 331. Nimda. 180. SQL Slammer. Days between update and exploit. Malware Attack ... – PowerPoint PPT presentation

Number of Views:49
Avg rating:3.0/5.0
Slides: 20
Provided by: downloadM
Category:

less

Transcript and Presenter's Notes

Title: Patch Management in the Enterprise


1
Patch Management in the Enterprise
  • Paula Kiernan
  • Senior Consultant
  • Ward Solutions

2
Session Overview
  • The Vulnerability Timeline
  • Choosing an Update Management Solution
  • Windows Software Update Services
  • SMS Software Update Services

3
Understanding the Vulnerability Timeline
4
Understanding the Exploit Timeline
Days between update and exploit have decreased
5
Successful Patch Management
Processes
People
Technology
6
Choosing an Update Management Solution
7
The Benefits of Software Update Services
  • Gives administrators basic control over
    update management
  • Administrators can review, test, and approve
    updates before deployment
  • Simplifies and automates key aspects of the
    update management process
  • Can be used with Group Policy, but Group Policy
    is not required to use SUS
  • Easy to implement
  • Free tool from Microsoft

8
SUSHow It Works
Internet
Windows update
Child SUS server
Client computers use Automatic Updates
ParentSUS server
Client computers
9
Software Update Management with SMS
  • Built-in to SMS 2003
  • - Need to download the inventory tools
  • - Security Update Inventory Tool
  • - Office Inventory Tool
  • Feature pack add-on for SMS 2.0

10
SMS for Deploying Software Updates Benefits
  • Gives administrators control over patch
    management
  • Staging and testing of updates before
    installation
  • Fine-grained control of patch management options
  • Automates key aspects of the patch management
    process
  • Can update a broad range of Microsoft products
  • Can also be used to update third-party software
    and deploy and install any software update or
    application
  • High level of flexibility via use of scripting

11
SMS Software Updates How It Works
  • Setup Download Security Update Inventory and
    Office Inventory Tools run inventory tool
    installer

Microsoft Download Center
  • Scan components replicate to SMS clients

Firewall
  • Clients scanned scan results merged into SMS
    hardware inventory data

SMS DistributionPoint
  • Administrator uses Distribute Software Updates
    Wizard to authorize updates

SMS Clients
  • Update files downloaded packages, programs, and
    advertisements created/updated packages
    replicated and programs advertised to SMS clients

SMS Site Server
SMS Clients
  • Software Update Installation Agent on clients
    deploy updates
  • Periodically Sync component checks for new
    updates, scans clients, and deploys necessary
    updates

SMS Clients
12
Installing Software Update Inventory Tools
  • Open the SMS Administrator Console
  • Expand the site database
  • Select Download Software Update Inventory Tools
    option
  • Follow the wizard to download and install the
    tools
  • Specify the Test Collection details
  • Set the synchronization schedule
  • Packages and advertisements created to push
    scanning tools to clients
  • Wait for Hardware Inventory cycle on clients to
    run the scanning tools

13
How to Use SMS to Deploy Patches
  • Open the SMS Administrator Console
  • Expand the site database
  • Right-click collection/update and select All
    Tasks gt Distribute Software Updates
  • Create a new package and program
  • Browse to the patch to be deployed
  • Configure options for how and when the patch
    should be deployed on the client
  • Monitor deployment status

14
SMS Considerations
  • Limitations in detection capabilities are same as
    those for MBSA and Office Inventory Tool
  • Command-line syntax for unattended installation
    of each update needs to be configured
  • Microsoft Office patches require extraction to
    edit a settings file for unattended installation
  • International updates must be obtained manually
    (Web page)
  • Hardware Inventory cycle must run at least once
    on a client after setting up Software Updates
    before you can deploy an update to that client

15
Demonstration Deploying Software Updates Using
SMS

16
Session Summary
ü
Have a Patch Management strategy!!!
Use an update management solution that meets your
requirements
ü
Take advantage of the free software supplied by
Microsoft
ü
ü
Subscribe to the security notification service
For granular control and detailed reporting use
SMS for update management
ü
ü
Keep your systems up-to-date
17
Next Steps
  • Find additional security training events
  • http//www.microsoft.com/ireland/security.mspx
  • Sign up for security communications
  • http//www.microsoft.com/technet/security/signup/
    default.mspx
  • Order the Security Guidance Kit
  • http//www.microsoft.com/security/guidance/order/
    default.mspx
  • Get additional security tools and content
  • http//www.microsoft.com/security/guidance

18
Questions and Answers
19
Contact Details
  • Paula Kiernan
  • Ward Solutions
  • paula.kiernan_at_ward.ie
  • www.ward.ie
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Patch Management in the Enterprise" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!