The risks of Patching - PowerPoint PPT Presentation

Slides: 34
Provided by: Bit2

Transcript and Presenter's Notes

Title: The risks of Patching


1
The risks of Patching
  • Keeping your network safe during those zero days
  • WWW.SBSDIVA.COM

2
Who am I?
  • Patchaholic
  • SBS MVP
  • Security MVP
  • Been patchin' SBSs since SBS 4.0
  • Used to squint when rebooting

3
So what are the first questions to ask?
  • What tool?
  • What patch engine?
  • What will break what?
  • Tool isn't important
  • Process

4
What is a patch?
  • Bug
  • Flaw
  • Something that needs fixing
  • Patch Security patch

5
Why should we patch?
  • Worst case scenario
  • Fixing an issue where an attacker from remote can hurt
  • Code Execution
  • Take control of system

6
Understanding the risks of patching
  • Worst case: line-of-business stuff breaks
  • Best case: everything works
  • Typical patch month for your networks
  • What's broken in the past for you?

7
What if you don't patch?
  • What's the worst thing that happens?
  • Well...
  • How many of the owned servers come in from unpatched workstations?

8
Risks in an SBS network
  • Server?
  • Ports open?
  • WORKSTATIONS
  • Local administrator
  • Download anything?
  • Free stuff?

9
History of risks in SBSland
  • Code Red
  • Nimda
  • Nail the server
  • Today?
  • Keep the system working
  • Borrow the bandwidth

10
Greatest risks?
  • Review your networks
  • Desktops
  • If you nail the server?
  • If you nail a workstation?
  • How expendable?

11
How to determine what/when?
  • Read the bulletin
  • What's the riskiest?
  • Read the criticality
  • From remote?
  • Mere surfing?

12
Win2k3 / XP SP2
  • Typical threats come from authenticated connections
  • Lesser risks to these platforms
  • A/V
  • Spyware
  • Safe surfing
  • IE 7

13
Windows 2000
  • Risks from anonymous connections
  • From remote
  • Coded up exploits typically work

14
Window to patch
  • Patch comes out at 10:00 a.m. - 11:00 a.m. Pacific
  • Reverse engineer the patch to see what it's fixing
  • Determine issue
  • Code vulnerability
  • Typically within 20 minutes or so vulnerability is identified

15
Zero Days
  • Vulnerability is out
  • Used to exploit/to harm
  • No patch
  • But does that mean we are unprotected?

16
Window to patch
  • Can it be automated?
  • Can it be wormable?
  • What's Metasploit?

17
Recent issues
  • Focusing more on workstations
  • Focusing more on applications
  • Less on servers
  • Zero day: Word still unpatched!

18
When to patch?
  • Do we have to do servers as soon as possible?
  • Where's our biggest risk of patching?
  • What's hurt in the past?
  • Build an "ouch" database for your clients' applications

19
When to patch?
  • If we've mitigated already?
  • Why do we need to patch now?
  • Mitigate, patch later?

20
Now that we will patch
  • Will it hurt?
  • Check the caveat section
  • Review the community
  • Google on the KB number
  • Review the Windows update newsgroup
  • www.patchmanagement.org
  • Are you seeing?

21
How/what to test?
  • Microsoft performs patch testing
  • Don't test the basics
  • Identify the client's key applications
  • Identify a patch canary

22
Patch gets approved
  • Tested on one workstation
  • Done your research?
  • NOW deploy

23
Deploy with?
  • WSUS
  • SBS 2003 R2
  • Shavlik
  • Patchlink
  • Other?

24
...but what about non-MS?
  • Adobe
  • Flash
  • Firefox
  • Sun Java
  • Even your antivirus

25
The SVCHost.exe issue
  • 100% CPU
  • There is a new hotfix 927891
  • Aggravated by WSUS
  • Seen on many platforms

26
Resources for Risk
  • Security bulletins
  • Advisories
  • www.incidents.org
  • www.patchmanagement.org
  • Your group

27
Tuesday's patches
  • Outlook
  • Excel
  • VML (again?!)
  • Office 2003
  • We're supposed to have 8
  • We had 4

28
Patch guidelines

29
Patch Recap

30
Now then
  • Do you agree?
  • What issues have similar replaced patches had?
  • What's broken in the past?
  • What files were patched with that?

31
And don't forget.
  • Are you seeing.. ?

32
Eyeball the Windows Update newsgroup

33
Questions?
  • Resources
  • www.patchmanagement.org
  • Security bulletin
  • Monthly security webcast