Patch management Graham Titmus Computer Laboratory.
Patch management
Graham Titmus
Computer Laboratory
Patching and verifying
• Distribution of Patches
  – Group Policy
  – SUS server within domain
• Monitoring systems
  – SMS feature pack add-on for SMS 2.0
  – Web aggregation of status
• MBSA
  – Scans of domain
Group Policy
• Targeting of machines via OU
  – Computers (CL SUS)
    • Group policy applied here
  – Computers
    • Test machines with no group policy
• Group Policy forced onto machine
  – Lock out override so users can’t turn it off
• Place exceptions on another VLAN
Control by Group Policy
Group Policy Settings
SUS distribution
• Local SUS server
  – Collects updates via CS SUS server
  – Approval of updates controlled within domain
• Test updates
  – Several machines forced to update via Microsoft Update Server daily
  – Servers tested independently
• Approve updates after testing
SMS for patches
• Capabilities include
  – Monitoring and Distribution
  – Are independent of one another
  – Monitoring uses same scan engine as MBSA
• Benefits
  – Central point for all information
  – Fine grain targeting for distribution
  – Web based reporting
SMS Inventory
Patches outstanding
Machine status
MBSA
• Useful backstop
  – Machines may slip through the net
  – Scan address range – finds stealth systems
• Instant report of current state
  – Important tool for crisis situation
  – Useful to scan VPN connected hosts
• Poor discrimination on causes
  – High level of noise in a diverse world
Why so many tools?
• Basic mechanism is Group Policy + SUS
  – That offers limited (no) reporting
  – Reporting host tools added in next version
• Management in addition
  – SMS provides good information collection
  – Can be used to distribute
  – Summary of status needed to plan work
• Point inspection
  – For visitor laptops etc.