Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.
-
Upload
elizabeth-hutchinson -
Category
Documents
-
view
213 -
download
0
Transcript of Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.
![Page 1: Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.](https://reader036.fdocuments.in/reader036/viewer/2022083007/56649e765503460f94b7783d/html5/thumbnails/1.jpg)
Patch ManagementOnly part of the solution…..
Bob Isaak
Mar 04, 2004
![Page 2: Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.](https://reader036.fdocuments.in/reader036/viewer/2022083007/56649e765503460f94b7783d/html5/thumbnails/2.jpg)
2
Monthly Vulnerability Alerts
Source: Security Focus Statistics 2002
![Page 3: Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.](https://reader036.fdocuments.in/reader036/viewer/2022083007/56649e765503460f94b7783d/html5/thumbnails/3.jpg)
3
Operating Systems
Source: Security Focus Statistics 2002
![Page 4: Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.](https://reader036.fdocuments.in/reader036/viewer/2022083007/56649e765503460f94b7783d/html5/thumbnails/4.jpg)
4
Vendors
Source: Security Focus Statistics 2002
![Page 5: Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.](https://reader036.fdocuments.in/reader036/viewer/2022083007/56649e765503460f94b7783d/html5/thumbnails/5.jpg)
5
The Challenges
Server & PC Inventory-What & Where Software components & running services Agentless Auto discovery to remain current
Patch and Service Pack Status of Servers and PCs
Currently installed service packs Previous patches All components O/S, Exchange, SQL & IIS
Patch Dependency Analysis Pre-requisites Co-requisites Service Packs which supersede patches
Patch Inventory and Patch Classification Criticality Severity or Exposure
![Page 6: Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.](https://reader036.fdocuments.in/reader036/viewer/2022083007/56649e765503460f94b7783d/html5/thumbnails/6.jpg)
6
The Challenges (cont…)
Patch Matching Reports or System Base lining/Modeling Patches required based on role Patches required compared to “the standard”
Role-Based Administration/Server and PC Grouping Security vs Admin SQL vs IIS vs Domain Controller vs File Server
Patch Distribution and Installation Automate intervention Distributed patch servers Roll back if required
![Page 7: Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.](https://reader036.fdocuments.in/reader036/viewer/2022083007/56649e765503460f94b7783d/html5/thumbnails/7.jpg)
7
Platform and Application Support Not just a Microsoft problem Not just an IIS or Windows problem Extends to Unix, Application Servers, & Database Servers
Agent vs. Agentless Architectures Agents provide more functionality but are more expensive to deploy and
maintain Agents may be required for mobile and remote users. Leverage existing configuration management technologies Agents may conflict with applications
The Challenges (cont…)
![Page 8: Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.](https://reader036.fdocuments.in/reader036/viewer/2022083007/56649e765503460f94b7783d/html5/thumbnails/8.jpg)
8
Weekly Vulnerability Assessment SANS Weekly CVE Notification Review Security Team & Operational Teams Initial Exposure Assessment Formal Risk Assessment Customer Notification & Approval Remediation Recommendations Review
Our Approach
![Page 9: Patch Management Only part of the solution….. Bob Isaak Mar 04, 2004.](https://reader036.fdocuments.in/reader036/viewer/2022083007/56649e765503460f94b7783d/html5/thumbnails/9.jpg)