Microsoft Solutions for Security: Security Patch Management. Brodie Desimone, CISSP, Senior Technology Specialist, [email protected]. Michael Nowacki, CISSP, Senior Security Technology Specialist, [email protected].
Page 1: Brodie

Microsoft Solutions for Security

Security Patch Management

Brodie Desimone, CISSP
Senior Technology Specialist
[email protected]

Michael Nowacki, CISSP
Senior Security Technology Specialist
[email protected]

Page 2: Brodie

Customer Feedback

• Reduce Frequency, Quantity of Patches
• Inadequate Communications, Guidance, and Training
• Inconsistent Patching Experience
• Multiple, Incomplete Patch Management Tools
• Inconsistent Patch Quality

Page 3: Brodie

Addressing The Situation

• Security and patch management priority #1 – bar none – at Microsoft
  • Microsoft problem
  • Industry problem
  • Ongoing battle with malicious hackers
• Need comprehensive, tactical and strategic approach to addressing the situation
  • Trustworthy Computing Initiative
  • Security framework and focus
  • Patch Management Initiative

Page 4: Brodie

TWC Overview

Page 5: Brodie

Microsoft’s Security Framework

SD3 + Communications

Secure by Design
• Secure architecture
• Security aware features
• Reduce vulnerabilities in the code

Secure by Default
• Reduce attack surface area
• Unused features off by default
• Only require minimum privilege

Secure in Deployment
• Protect, detect, defend, recover, manage
• Process: How to’s, architecture guides
• People: Training

Communications
• Clear security commitment
• Full member of the security community
• Microsoft Security Response Center

Page 6: Brodie

Patch Management Initiative
Goals

Cross divisional team with mission to resolve key patch management issues

Informed & Prepared Customers
• Accurate, effective, easily discoverable, and timely information
• Process and best practice guidance; training

Superior Patch Quality
• Consistently high quality
• Consistently small patch sizes
• Minimize reboots on patch installation

Consistent & Superior Update Experience
• Consistent formats and mechanisms for discovery, applicability evaluation, un-installation, etc. of patches and updates

Best Patch & Update Management Solutions
• The right set of functionality
• Easy to deploy, administer, use
• Interoperability with third party solutions

Page 7: Brodie

Improve the Patching Experience
New Patch Policies

• Extending support to June 2004
  • Windows 2000 SP2
  • Windows NT SP6a
• Non-emergency security patches on a monthly release schedule
  • Allows for planning a predictable monthly test and deployment cycle
  • Packaged as individual patches that can be deployed together
  • Achieves benefits of security rollup with increased flexibility

Patches for emergency issues will still release immediately

Page 8: Brodie

Improve the Patching Experience
Patch Enhancements

Your Need / Our Response

• Reduce patch complexity
  • By late 2004: Consolidation to 2 patch installers for W2k and later, SQL 2000, Office & Exchange 2003; all patches will behave the same way (update.exe, MSI 3.0)
• Reduce risk of patch deployment
  • Now: Increased internal testing; customer testing of patches before release
  • By mid-2004: Rollback capability for W2k generation products and later (MSI 3.0 patches)
• Reduce patch size
  • By late 2004: Substantially smaller patches for W2k generation and later OS & applications (Delta patching technology, next generation patching installers)
• Reduce downtime
  • Now: Continued focus on reducing reboots
  • By late 2004: 30% of critical updates on Windows Server 2003 SP1 installed w/o rebooting (“hot patching”)
• Improved tools consistency
  • By mid-2004: Consistent results from MBSA, SUS, SMS, Windows Update (will all use SUS 2.0 engine for detection)
• Improved tools capabilities
  • May 2004: Microsoft Update (MU) hosts patches for W2k server, and over time SQL 2000, Office & Exchange 2003
  • By mid-2004: SUS 2.0 receives content from MU & adds capabilities for targeting, basic reporting and rollback

Page 9: Brodie

Solution Components

Analysis Tools
• Microsoft Baseline Security Analyzer (MBSA)
• Office Inventory Tool

Online Update Services
• Windows Update
• Office Update

Content Repositories
• Windows Update Catalog
• Office Download Catalog
• Microsoft Download Center

Management Tools
• Automatic Updates (AU) feature in Windows
• Software Update Services (SUS)
• Systems Management Server (SMS)

Prescriptive Guidance
• Microsoft Guide to Security Patch Management
• Patch Management Using SUS
• Patch Management Using SMS

Page 10: Brodie

Patch Management Guidance

• Prescriptive guidance from Microsoft for effective patch management
  • Uses Microsoft Operations Framework (MOF)
  • Based on ITIL* (de facto standard for IT best practices)
• Details requirements for effective patch management:
  • Technical & operational pre-requisites
  • Operational processes & how technology supports them
  • Daily, weekly, monthly & as-needed tasks to be performed
  • Testing options
• Three patch management guidance offerings
  • Microsoft Guide to Security Patch Management**
  • Patch Management using Software Update Services***
  • Patch Management using Systems Management Server***

*Information Technology Infrastructure Library

**Emphasizes security patching & overall security management

***Comprehensive coverage of patch management using the specified technology

Page 11: Brodie

Delivering Security Technologies

• Windows XP SP2
  • Improved network protection
  • Safer email and Web browsing
  • Enhanced memory protection
  • Beta by end of 2003, RTM based on customer feedback
• Windows Server 2003 SP1
  • Role-based security configuration
  • Inspected remote computers
  • Inspected internal environment
  • RTM H2 CY04

Page 12: Brodie

Client Shielding Enhancements

What it is
Security enhancements that protect computers, even without patches; included in Win XP SP2 (H1 04) with more to follow

What it does
Helps stop network-based attacks, file attachment viruses and buffer overruns

Key Features
• Network Protection: Improved ICF protection turned on by default
• Safer email: Improved attachment blocking for Outlook Express and IM
• Safer browsing: Better user controls to prevent malicious ActiveX controls and Spyware
• Memory Protection: Improved compiler checks (/GS) to reduce stack overruns

Page 13: Brodie

Enterprise Shielding Enhancements
Enterprise Quarantine

What it is
Only clients that meet corporate security standards are allowed to connect; included in Win 2003 SP1 (H2 04) with more to follow

What it does
Protects enterprise assets from infected computers

Key Features
• Enforces specific corporate security requirements such as patch level, AV signature state and firewall state
• Ensure these standards are met when
  • VPN connections are made by remote clients
  • Wired or wireless connections are made by rogue and transient clients

Page 14: Brodie

Today
• Extended support
• Monthly patch releases
• Baseline guidance
• Community Investments

H1 04
• Windows XP SP2
• Patching enhancements
• SMS 2003
• SUS 2.0
• Microsoft Update
• Broad training

H2 04
• Windows Server 2003 SP1
• Security technologies
• Next generation inspection

Future
• NGSCB
• Windows hardening
• Continued OS-level security technologies

Page 15: Brodie

Security Resources

• New: IT Pro Security Zone
  • http://www.microsoft.com/technet/security/community
• New: Security Guidance for the Enterprise
  • http://www.microsoft.com/technet/security/bestprac
• Subscribe to MSRC notifications:
  • http://www.microsoft.com/securitynotification
• Trustworthy Computing:
  • http://www.microsoft.com/mscorp/innovation/twc/
• Hot Fix & Security Bulletin Search:
  • http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/current.asp

Page 16: Brodie

© 2003 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.