Stanford’s Patch Management Project Ced Bennett May 17, 2004 Copyright Cedric Bennett 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Dec 24, 2015


Technical Environment

- 45,000 hosts on Stanford network
  - 25,000 with various flavors of MS Windows
  - Others are Unix, Linux, Mac
- Support
  - Widely distributed
  - Fairly uneven
- High speed, high capacity network
- Multiple network feeds
- No perimeter firewall
  - Limited filtering at border routers


Precipitating Event

- MS RPC vulnerability and patch
  - Announced on July 17, 2003
  - NetBIOS ports already blocked at border
- “Blaster” attacks began around August 1
  - Network attacks blocked at the border
  - Multiple instances “walked around” border
- After the dust settled
  - 8,000 Windows platforms compromised!
  - Cost of repair / control > $1,250,000
  - Cost of lost work / productivity not calculated
  - Under control before students arrived


Black Cloud

- Huge, costly, debilitating event
- Widespread concern
  - President, Academic Senate, Administrators


Black Cloud Silver Lining

- Huge, costly, debilitating event
- Widespread concern
  - President, Academic Senate, Administrators
- Strategy for distributed platforms
  - Leverage that concern
  - Develop approaches to prevention
  - Obtain technical buy-in
  - Communicate and educate
  - Implement


Approach and Buy-In

- Formed a cross-campus technical task force
  - Included technology leaders from Medical School, School of Engineering (Computer Science), Graduate School of Business, Residential Computing, Earth Sciences, Internal Audit, ITSS
- Developed the technical approach
  - Patch management
  - Configuration support
  - Controlled network access
- Created a Managed Host Security project


Patch Management Project

- Product criteria developed by Task Force
  - Multi-platform support
    - Windows initial focus
  - Ability to manage centrally
    - But also provide for local control
  - Ease of use
  - Agent-based
  - Strong security model
- Examined marketplace alternatives
- Selected BigFix Enterprise Suite (BES)


Patch Management Project (continued)

Communication and education

An unpatched system…

… is a disaster waiting to happen!

Photo © 2004 Quantum Corp


Patch Management Project (continued)

- Ordered server equipment
  - Started working with interim equipment
- Developed patch management processes
  - Patch testing
  - Central and local responsibilities
  - Local console operator training
  - Exception handling
  - Patch deployment
- Agent deployment
  - Managing with focus on local control
  - Still underway