secure your business n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Secure Your Business PowerPoint Presentation
Download Presentation
Secure Your Business

Loading in 2 Seconds...

play fullscreen
1 / 19

Secure Your Business - PowerPoint PPT Presentation


  • 82 Views
  • Uploaded on

Secure Your Business. PATCH MANAGEMENT STRATEGY. A risk based approach is key. Implement Patch Management. Sources of risk were patch management could be an important building block to reduce them: OS vulnerabilities Complex viruses/worms Exploits Spam Spyware.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Secure Your Business' - turi


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
secure your business

Secure Your Business

PATCH MANAGEMENT STRATEGY

a risk based approach is key
A risk based approach is key

Secure Your Business

Implement

Patch Management

some sources of risk
Sources of risk were patch management could be an important building block to reduce them:

OS vulnerabilities

Complex viruses/worms

Exploits

Spam

Spyware

Blended threats such as Nimda, Goner, SQL Slammer and Code Red have become increasingly more common

Perimeter Defences such as firewalls are not enough to ward off these increasingly sophisticated threats

Some sources of risk

Secure Your Business

patch management 4 steps
Patch management: 4 steps
  • Based on Microsoft Operations Framework (MOF)
  • 4 phases defined:
    • ASSES
    • IDENTIFY
    • EVALUATE and PLAN
    • DEPLOY

Secure Your Business

step 1 assess
Step 1: Assess
  • Know your computing environment
    • OS, Service Pack, HotFix, and Patch levels
    • Installed hardware (servers, desktops, laptops)
    • End-user experience and knowledge
    • IT staff abilities and knowledge
  • Determine:
    • What you have in your production environment
    • What security threats and vulnerabilities you might face
    • Whether your organization is prepared to respond to new software updates
  • Other MOF-Service Management Functions can interact

Secure Your Business

step 1 assess an ongoing process
Step 1: Assess: an Ongoing Process
  • Inventory/discover existing computing assets
  • Assess security threats and vulnerabilities
  • Determine the best source for information about new software updates
  • Assess the existing software distribution infrastructure
  • Assess operational effectiveness

Secure Your Business

step 1 assess cont d
Step 1: Assess (cont’d)
  • Assess security threats and vulnerabilities
    • Apply bulletin information to inventory
  • Determine the best source for information about new software updates
    • Use notification services to prepare for patch release
      • Preparation begins long before Patch Day
  • Assess the existing software distribution infrastructure
    • Keep a record of past experiences/success rates
  • Assess operational effectiveness
    • Are there steps that need to be improved?
    • Were there factors that led to failure/that led to success?

Secure Your Business

step 2 identify
Step 2: Identify
  • Goals:
    • Discover new software updates in a reliable way
    • Determine whether they are relevant to your production environment
    • Determine whether an update represents a normal or emergency change
  • Determine the applicability of a software update to your IT infrastructure:
    • Reading security bulletins and KB articles
    • Reviewing the individual software updates
  • Determine the applicability of a software update to your IT infrastructure

Secure Your Business

step 2 identify1
Step 2: Identify
  • Decide When to Apply the Software Update
    • Low, Medium, Important, Critical?
    • Exploited in the wild?
    • Applies to the production environment?
  • Testing
    • Confirm source files
    • Deployability
    • Installation options

Secure Your Business

step 3 evaluate and plan
Step 3: Evaluate and Plan
  • Goals:
    • Make a go/no-go decision to deploy the software update
    • Determine what is needed to deploy it
    • Test the software update in a production-like environment to confirm that it does not compromise business critical systems and applications
  • Goals:
    • Get approval for deployment
    • Pass to deployment team

Secure Your Business

step 3 evaluate and plan1
Step 3: Evaluate and Plan
  • Determine the appropriate response
    • Categorize software deployment

Secure Your Business

step 3 evaluate and plan2
Step 3: Evaluate and Plan
  • Plan the release of the software update
    • Determine what needs to be patched
    • Identify the key issues and constraints
    • Build the release plan
      • Emergency change request
  • Build the release
    • SMS 2003 package creation
      • The Distribute Software Updates Wizard eliminates much of the work that would traditionally be required to deploy a software update using SMS 2003
  • Conduct acceptance testing of the release

Secure Your Business

step 3 evaluate and plan3
Step 3: Evaluate and Plan:
  • Conduct acceptance testing of the release
    • Once installation is complete, the computer should reboot as it is designed to.
    • Software update works across slow/unreliable connections.
    • Software update is supplied with an uninstall routine -- and it works!
    • Business-critical systems and services continue to run once the software update has been installed.

Secure Your Business

step 4 deploy
Step 4: Deploy
  • Goals
    • Successfully roll out the approved software update into your production environment
    • Meet all of the requirements of any deployment service level agreements (SLAs) you have in place

Secure Your Business

step 4 deploy overview
Step 4: deploy overview
  • Deployment preparation
    • Communicating rollout schedule to the organization
    • Importing programs and advertisements from test environment
    • Assigning distribution points
    • Staging updates on distribution points
    • Selecting deployment groups

Secure Your Business

step 4 deploy post implementation
Step 4: Deploy: post implementation
  • Post-Implementation Review
    • Ensure that the vulnerabilities are added to your vulnerability scanning reports and security policy standards so the attack does not have an opportunity to recur
    • Ensure that your build images have been updated to include the latest software updates following the deployment
    • Discuss planned versus actual results and discuss the risks associated with the release
    • Review your organization’s performance throughout the incident. Improve your response plan and include lessons learned.
    • Discuss changes to your service windows.
    • Assess the total incident damage and cost—both downtime costs and recovery costs.

Secure Your Business

more information
More information?

http://www.telindus.be/Products+and+Services/Security/

http://www.microsoft.com/MOF

http://www.microsoft.com/windowsserver2003/techinfo/overview/quarantine.mspx

Secure Your Business

questions

Questions?

KOEN.BLANQUART@TELINDUS.BE

HTTP://WWW.TELINDUS.BE

thank you for your attention

Thank you for your attention

KOEN.BLANQUART@TELINDUS.BE

HTTP://WWW.TELINDUS.BE