Host and Application Security
Lesson 22: Patch Management

On to more managerial things
• The two biggest issues for most users are:
  • Configuration
    • We have secure software, but the host is configured insecurely… example?
  • Patch management
    • We have insecure software because we are running an old version

Versioning
• In principle, very simple
• Audit the software you have
• Keep it all up to date

Not as easy as it sounds
• Patching isn’t always benign
• Patching needs to be validated
• Knowing what you’re running

Patching isn’t benign
• Ever tried to upgrade a kernel in Gentoo?
• Better yet, ever tried to upgrade a Perl module in Gentoo with a heavily patched kernel?
• RIGHT! Patching, even when given a good patch, is sometimes a lot of work

Patching needs to be validated
• You’re running software on an Airbus A330
• You want to make a change to deal with a vulnerability…
• What are the tradeoffs?
• How can we validate?

Audit
• Figuring out what you need to patch isn’t easy either

Solution: Autoupdate?
• What are the implications?
• Benefits?
• Disadvantages?

Solution: Patch Tuesday?
• Microsoft has a pretty predictable patch schedule
• Benefits?
• Disadvantages?

Something you can do
• Secunia – wonderful piece of software!

Scaling issues
• Managing a single machine versus managing a LOT of machines…

Penguins versus whatever the MS logo is…
• There are currently fundamental differences between open and closed source OSes with regard to patching
• Discuss

To Do
• Taking your own machine as an example, figure out what software is on it, which version is installed and which version is current. For each thing found that is out of date, what are the vulnerabilities associated with it? Come up with your own plan for managing software on your machine and document it.
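
One way to start the audit step of this exercise, as an added example that is not part of the original lesson: parse a package inventory, compare each installed version with the newest known release, and flag anything that cannot be compared for manual review. The package names, versions and the CURRENT table are constructed, and the version comparison is a simplified numeric ordering, not a package manager's own algorithm.

```python
import re

# Constructed sample in the shape of: dpkg-query -W -f='${Package}\t${Version}\n'
INSTALLED = "cryptolib\t3.0.2-1\nwebd\t1.18.0-6\nshellx\t5.1-6\nlocaltool\t0.9\nbroken-line\n"

# Constructed table of newest released versions (assumed to come from vendor advisories).
CURRENT = {"cryptolib": "3.0.10-1", "webd": "1.18.0-6", "shellx": "5.1-6.2"}


def parse_inventory(text):
    """Return {package: version}, skipping lines that are not 'name<TAB>version'."""
    inventory = {}
    for line in text.splitlines():
        name, sep, version = line.partition("\t")
        if sep and name and version:
            inventory[name.strip()] = version.strip()
    return inventory


def version_key(version):
    """Simplified ordering: the numeric fields only (no epochs or pre-release tags)."""
    return tuple(int(n) for n in re.findall(r"\d+", version))


def audit(installed, current):
    """Classify each installed package as 'current', 'outdated' or 'unknown'."""
    report = {}
    for name, have in sorted(installed.items()):
        latest = current.get(name)
        if latest is None or not version_key(have):
            report[name] = "unknown"   # nothing to compare against: needs manual review
        elif version_key(have) < version_key(latest):
            report[name] = "outdated"  # numeric compare, so 3.0.2 sorts before 3.0.10
        else:
            report[name] = "current"
    return report


if __name__ == "__main__":
    for name, status in audit(parse_inventory(INSTALLED), CURRENT).items():
        print(f"{name:12} {status}")
```

The "unknown" bucket is the part of the audit that stays manual: software installed outside the package manager, or not covered by the version table, still has to be tracked by hand.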