ECSA/LPT
EC CouncilModule XL
EC-CouncilSecurity Patches Penetration Testinge et at o est g
Penetration Testing Roadmap
Start HereInformation Vulnerability External
Gathering Analysis Penetration Testing
Fi ll Router and InternalFirewall
Penetration Testing
Router and Switches
Penetration Testing
Internal Network
Penetration Testing
IDS
Penetration Testing
Wireless Network
Penetration Testing
Denial of Service
Penetration Testing
Password Cracking
Stolen Laptop, PDAs and Cell Phones
Social EngineeringApplication
Cont’d
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Penetration TestingPenetration Testing Penetration TestingPenetration Testing
Penetration Testing Roadmap (cont’d)(cont d)
Cont’dPhysical Database VoIP Security
Penetration Testing
Penetration testing Penetration Testing
Vi dVirus and Trojan
Detection
War Dialing VPN Penetration Testing
Log Management
Penetration Testing
File Integrity Checking
Blue Tooth and Hand held
Device Penetration Testing
Telecommunication And Broadband Comm nication
Email Security Penetration Testing
Security Patches
Data Leakage Penetration Testing
End Here
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Communication Penetration Testing
gPenetration Testing
Penetration Testing
Patch Management
It is a part of system management which involves acquiring, It is a part of system management which involves acquiring, testing, and installing of patches to an administrated computer system.
Patch management tasks include:
• Maintaining current knowledge of the available patches.• Deciding what patches are appropriate for the particular systems.
E i h h i ll d l• Ensuring that patches are installed properly.• Testing systems after installation.• Documenting all associated procedures, such as specific
configurations required
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
configurations required.
Patch and Vulnerability Group (PVG)(PVG)
PVG d l ith l bilit di ti ff t lik OS PVG deals with vulnerability remediation efforts like OS, application patching, and configuration changes.
Responsibilities of PVG:
• Conduct testing of patches and non-patch remediation • Create a database of remediation
Di t ib t i f ti l t d t l bilit d di ti • Distribute information related to vulnerability and remediation to the local administrators
• Configure automatic update of applications • Monitor security sources for vulnerability announcements like
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Monitor security sources for vulnerability announcements like patch and non-patch remediation
Penetration Testing Steps
1 • Check if organizations have a PVG in place
2 • Check whether the security environment is updated
• Check whether organization use automated patch management tools 3 Check whether organization use automated patch management tools
4 • Check the last dates of patching
5 • Check the patches on non-production systems
6 • Check the vender authentication mechanism6
7 • Check whether downloaded patches contain viruses
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
8 • Check for dependency on new patches
Step 1: Check If Organizations has a PVG in Placehas a PVG in Place
Check whether the organization has a team of Patch andgVulnerability Group (PVG).
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 2: Check Whether the Security Environment are Updated Environment are Updated
New types of vulnerabilities may arise with theinstallation of new patches.
These new patches may affect the securityenvironment.
li i i h d h kTry any malicious action on the system, and checkwhether the security environment such as firewall,antivirus, and security software tools are updated.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 3: Check Whether Organization use Automated Patch Management Tools g
Check whether organizations use automated patch managementl h ZEN k P h M dtools, such as ZENworks Patch Management and
UpdateEXPERT.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 4: Check the Last Dates of PatchingPatching
Check whether Ch k th l t
the database is maintained for
patching by
Check the last date when a patch wasi ll d
patching by PVG.
installed.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 5: Check the Patches on Non-Production SystemsProduction Systems
Patches may contain malicious code that affects the system.
Before installing on the main system, check whether the patches and configuration modifications are tested on the non-production systems.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 6: Check the Vender Authentication MechanismAuthentication Mechanism
Check whether the downloaded patches are checked against any of the authentication methods.
The authentication method can be:
• Cryptographic checksums.yp g p• Pretty Good Privacy (PGP) signatures.• Digital certificates.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 7: Check Whether Downloaded Patches Contain VirusesPatches Contain Viruses
Try to download any malicious or virus patch on the system.
Run an anti-virus tool over downloaded virus patch and check whether anti-virus detects patch and check whether anti virus detects virus or not.
Check whether the virus signature database or anti-virus program is up to date.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Step 8: Check for Dependency of New Patches New Patches
Check whether Check whether
Check whether there is dependency b h
installing new patch inadvertently
New Patches
between the patches if installed sequentially.
inadvertently uninstalls or disables another patchpatch.
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Security Checklist for Patch ManagementManagement
Organizations should create a patchO ga at o s s ou d c eate a patcand vulnerability group (PVG).
Organizations should use automatedpatch management tools.
Download the patches from home siteof the product.o t e p oduct.
Scan the patches for viruses
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Scan the patches for viruses.
Patch Management Tools
Altiris Patch Management Solution
ANSA
BigFix Patch Manager
BindView Patch Management
C5 Enterprise Vulnerability Management Suite
E P t h M Ecora Patch Manager
eTrust Vulnerability Manager
GFI LANguard Network Security Scanner GFI LANguard Network Security Scanner
Hercules
HFNetChkPro
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
HFNetChkPro
HP OpenView Patch Manager using Radia
Patch Management Tools (cont’d)
LiveState Patch Manager
ManageSoft Security Patch Management
Marimba Patch Management
NetIQ Vulnerability Manager
Opsware Server Automation System
PatchLink Update
PolicyMaker Software Update
Prism Patch Manager
SecureCentral PatchQuest
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
Security Update Manager
Patch Management Tools (cont’d)
Systems Management Server
SysUpdate
UpdateEXPERT
Windows Server Update Services
ZENworks Patch Management
LANDesk Patch Manager
Service Pack Manager
Sitekeeper (Patchkeeper module)
Software Update Services
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
p
Kaseya Patch Management
Summary
Patch management is a part of the system management which involves acquiring, testing, and installing of patches to an administrated computer system.
New types of vulnerabilities arise with the installation of latest hpatches.
Organizations should create a patch and vulnerability group (PVG).
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited
EC-CouncilCopyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited