kai axford, cissp, mcse-security technet presenter microsoft corporation [email protected]...
TRANSCRIPT
Kai Axford, CISSP, MCSE-SecurityKai Axford, CISSP, MCSE-SecurityTechNet PresenterTechNet PresenterMicrosoft CorporationMicrosoft [email protected]@microsoft.com
Implementing Security Implementing Security Update ManagementUpdate Management
Who is Kai Axford?Who is Kai Axford?
• Employed at Microsoft for 6+ yearsEmployed at Microsoft for 6+ years• Currently enrolled in Currently enrolled in MBA: Information AssuranceMBA: Information Assurance
program at Univ of Dallasprogram at Univ of Dallas• Former Squad Leader with the 75Former Squad Leader with the 75 thth Ranger Regiment Ranger Regiment• Over 200+ live security events and webcasts including Over 200+ live security events and webcasts including
TechEd, COMDEX, Microsoft Security Summits, etc.TechEd, COMDEX, Microsoft Security Summits, etc.
• ……and a HUGE Green Bay Packers fan!and a HUGE Green Bay Packers fan!
Session PrerequisitesSession Prerequisites
Hands-on experience with MicrosoftHands-on experience with Microsoft®® WindowsWindows®® 2000 Server 2000 Server™™ or Microsoft or Microsoft®® Windows Server 2003Windows Server 2003™™ management tools management tools
Level 200
AgendaAgenda
• Update Management OverviewUpdate Management Overview
• Update Management ProcessUpdate Management Process
• Update Management ToolsUpdate Management Tools
Business Case for Update Business Case for Update ManagementManagement
• DowntimeDowntime
• Remediation timeRemediation time
• Questionable data integrityQuestionable data integrity
• Lost credibilityLost credibility
• Negative public relationsNegative public relations
• Legal defensesLegal defenses
• Stolen intellectual propertyStolen intellectual property
Product Product shippedshippedProduct Product shippedshipped
VulnerabilityVulnerabilitydiscovereddiscovered
VulnerabilityVulnerabilitydiscovereddiscovered
Update made Update made availableavailable
Update made Update made availableavailable
Update deployedUpdate deployedby customerby customer
Update deployedUpdate deployedby customerby customer
VulnerabilityVulnerabilitydiscloseddisclosed
VulnerabilityVulnerabilitydiscloseddisclosed
Most attacks occur Most attacks occur herehere
Understanding the Vulnerability Understanding the Vulnerability TimelineTimeline
Product Product shippedshippedProduct Product shippedshipped
VulnerabilityVulnerabilitydiscovereddiscovered
VulnerabilityVulnerabilitydiscovereddiscovered
Update made Update made availableavailable
Update made Update made availableavailable
Update deployedUpdate deployedby customerby customer
Update deployedUpdate deployedby customerby customer
VulnerabilityVulnerabilitydiscloseddisclosed
VulnerabilityVulnerabilitydiscloseddisclosed
Most attacks occur Most attacks occur herehere
Malware Malware AttackAttack
Days Between Days Between Update and Exploit Update and Exploit
NimdaNimda 331331
SQL SlammerSQL Slammer 180180
Welchia/NachiWelchia/Nachi 151151
BlasterBlaster 2525
SasserSasser 1414
Understanding the Exploit Time Understanding the Exploit Time LineLine
Microsoft Update Severity Microsoft Update Severity RatingsRatings
See “Microsoft Security Bulletin Search” on the See “Microsoft Security Bulletin Search” on the Microsoft TechNet Web siteMicrosoft TechNet Web site
RatingRating DefinitionDefinition
CriticalCritical Exploitation could allow the propagation of an Exploitation could allow the propagation of an Internet worm with user actionInternet worm with user action
ImportantImportant Exploitation could result in compromise of user Exploitation could result in compromise of user data or the availability of processing resourcesdata or the availability of processing resources
ModerateModerate
Exploitation is serious, but is mitigated to a Exploitation is serious, but is mitigated to a significant degree by default configuration, significant degree by default configuration, auditing, need for user action, or difficulty of auditing, need for user action, or difficulty of exploitationexploitation
LowLow Exploitation is extremely difficult or impact is Exploitation is extremely difficult or impact is minimalminimal
Update Time FramesUpdate Time Frames
Severity Severity RatingRating Recommended Update Time FrameRecommended Update Time Frame
RecommendedRecommendedMaximum Update Maximum Update Time FrameTime Frame
CriticalCritical Within 24 hoursWithin 24 hours Within two weeksWithin two weeks
ImportantImportant Within one monthWithin one month Within two monthsWithin two months
ModerateModerate
Depending on expected availability, wait Depending on expected availability, wait for next service pack or update rollup that for next service pack or update rollup that includes the update, or deploy the update includes the update, or deploy the update within four monthswithin four months
Deploy the update Deploy the update within six monthswithin six months
LowLow
Depending on expected availability, wait Depending on expected availability, wait for next service pack or update rollup that for next service pack or update rollup that includes the update, or deploy the update includes the update, or deploy the update within one yearwithin one year
Deploy the update Deploy the update within one year, or within one year, or choose not to deploy choose not to deploy at allat all
Improving the Updating Improving the Updating ExperienceExperience
Your NeedYour Need Microsoft ResponseMicrosoft Response
Reduce update Reduce update frequencyfrequency
Reduced frequency of non-emergency update Reduced frequency of non-emergency update releases from once per week to once per monthreleases from once per week to once per month
Reduce updating Reduce updating complexitycomplexity Reduced number of update installer technologiesReduced number of update installer technologies
Reduce risk of Reduce risk of update deploymentupdate deployment
Improved update quality and introduced Improved update quality and introduced update rollback capabilityupdate rollback capability
Reduce update sizeReduce update size Developed “delta updating” technology to Developed “delta updating” technology to reduce update sizereduce update size
Improve tool Improve tool consistencyconsistency Developing consistent toolsDeveloping consistent tools
Improve tool Improve tool capabilitiescapabilities Developing more capable toolsDeveloping more capable tools
Identifying Common Malware Identifying Common Malware Defense MethodsDefense Methods
Malware AttackMalware Attack Defense MethodDefense Method
MydoomMydoomBlock port 1034 Block port 1034 Update antivirus signatures Update antivirus signatures Implement application securityImplement application security
SasserSasser Block ports 445, 5554, and 9996Block ports 445, 5554, and 9996Install the latest security update Install the latest security update
BlasterBlaster
Install the latest security update Install the latest security update Block TCP ports 135, 139, 445, and 593 and UDP ports 135, 137, Block TCP ports 135, 139, 445, and 593 and UDP ports 135, 137, and 138, and also block UDP ports 69 (TFTP) and TCP 4444 for and 138, and also block UDP ports 69 (TFTP) and TCP 4444 for remote command shell. remote command shell. Update antivirus signatures Update antivirus signatures
SQL SlammerSQL Slammer Install the latest security update Install the latest security update Block UDP port 1434 Block UDP port 1434
Download.JectDownload.Ject Install the latest security update Install the latest security update Increase security on the Local Machine zone in Internet ExplorerIncrease security on the Local Machine zone in Internet ExplorerClean any infections related to IIS Clean any infections related to IIS
What Is Defense-in-Depth?What Is Defense-in-Depth?
Using a layered approach:Using a layered approach:• Increases an attacker’s risk of detection Increases an attacker’s risk of detection • Reduces an attacker’s chance of successReduces an attacker’s chance of success
Security policies, procedures, and Security policies, procedures, and educationeducation
Policies, procedures, and awareness
Guards, locks, tracking devicesGuards, locks, tracking devicesPhysical securityPhysical securityPhysical securityPhysical security
Application hardeningApplication hardeningApplicationApplication
OS hardening, authentication, OS hardening, authentication, update management, antivirus updates, update management, antivirus updates, auditingauditing
HostHost
Network segments, IPSec, NIDSNetwork segments, IPSec, NIDSInternal networkInternal network
Firewalls, boarder routers, VPNs with Firewalls, boarder routers, VPNs with quarantine proceduresquarantine proceduresPerimeterPerimeter
Strong passwords, ACLs, encryption, Strong passwords, ACLs, encryption, EFS, backup and restore strategyEFS, backup and restore strategyDataData
Security policies, procedures, and Security policies, procedures, and educationeducation
Policies, procedures, and awareness
Guards, locks, tracking devicesGuards, locks, tracking devicesPhysical securityPhysical security
Application hardeningApplication hardeningApplicationApplication
OS hardening, authentication, OS hardening, authentication, update management, antivirus updates, update management, antivirus updates, auditingauditing
HostHost
Network segments, IPSec, NIDSNetwork segments, IPSec, NIDSInternal networkInternal network
Firewalls, boarder routers, VPNs with Firewalls, boarder routers, VPNs with quarantine proceduresquarantine proceduresPerimeterPerimeter
Strong passwords, ACLs, encryption, Strong passwords, ACLs, encryption, EFS, backup and restore strategyEFS, backup and restore strategyDataData
Update Management ProcessUpdate Management Process
• Update Management OverviewUpdate Management Overview
• Update Management ProcessUpdate Management Process
• Update Management ToolsUpdate Management Tools
Effective Processes
Effective Operations
Tools and Technologies
Project management, Project management, four-phase update four-phase update management processmanagement process
Project management, Project management, four-phase update four-phase update management processmanagement process
Products, tools, automationProducts, tools, automationProducts, tools, automationProducts, tools, automation
People who understand People who understand their roles and their roles and responsibilitiesresponsibilities
People who understand People who understand their roles and their roles and responsibilitiesresponsibilities
Requirements for Successful Requirements for Successful Update ManagementUpdate Management
Update Management ProcessUpdate Management Process
AssessAssess
Inventory computing assets
Assess threats and vulnerabilities
Determine the best source for information about new updates
Assess your software distribution infrastructure
Assess operational effectiveness
Inventory computing assets
Assess threats and vulnerabilities
Determine the best source for information about new updates
Assess your software distribution infrastructure
Assess operational effectiveness
11 IdentifyIdentify
Discover new updates
Determine whether updates are relevant to your environment
Obtain update, confirm it is safe
Determine if update is a normal change or an emergency
Discover new updates
Determine whether updates are relevant to your environment
Obtain update, confirm it is safe
Determine if update is a normal change or an emergency
22 Evaluate and PlanEvaluate and Plan
Determine whether the update is actually required
Plan the release of the update
Build the release
Perform acceptance testing
Determine whether the update is actually required
Plan the release of the update
Build the release
Perform acceptance testing
33 DeployDeploy
Prepare for deployment
Deploy the update to targeted computers
Review the deployment
Prepare for deployment
Deploy the update to targeted computers
Review the deployment
44
4Deploy
4Deploy
1Assess
1Assess
2Identify
2Identify
3Evaluateand Plan
3Evaluateand Plan
Assess• Inventory computing assets• Assess threats and vulnerabilities• Determine the best source for
information about new updates
• Assess your software distribution infrastructure
• Assess operational effectiveness
Deploy
Prepare for deployment
Deploy the update to targeted computers
Review the deployment
Evaluate and Plan
• Determine whether the update is actually required
• Plan the release of the update
• Build the release
• Perform acceptance testing
DeployDeploy
AssessAssess IdentifyIdentify
Evaluateand PlanEvaluateand Plan
22
Identify
• Discover new updates
• Determine whether updates are relevant to your environment
• Obtain update, confirm it is safe
• Determine if update is a normal change or an emergency
44
11
22
Microsoft Update Management Microsoft Update Management GuidanceGuidance• Guide: Patch Management Process• How To: Implement Patch Management• How To: Use Microsoft Baseline Security Analyzer (MBSA)• How To: Perform Patch Management Using SMS• Microsoft Server Windows Update Services Deployment
Guide
The guide and articles are available on the Patch The guide and articles are available on the Patch Management page of the Microsoft TechNet Web siteManagement page of the Microsoft TechNet Web site
The WSUS deployment guide is available on the Microsoft The WSUS deployment guide is available on the Microsoft Windows Server Update Services Deployment Guide page of Windows Server Update Services Deployment Guide page of the Microsoft Windows Server System Web sitethe Microsoft Windows Server System Web site
Update Management ToolsUpdate Management Tools
• Update Management OverviewUpdate Management Overview
• Update Management ProcessUpdate Management Process
• Update Management ToolsUpdate Management Tools
Choosing an Update Choosing an Update Management SolutionManagement Solution
Customer Customer typetype ScenarioScenario SolutionSolution
ConsumerConsumer All scenariosAll scenarios Microsoft UpdateMicrosoft Update
Small Small organizationorganization
Has no Windows serversHas no Windows servers Microsoft UpdateMicrosoft Update
Has one to three Windows 2000Has one to three Windows 2000or newer servers and one IT or newer servers and one IT
administratoradministratorMBSA and WSUSMBSA and WSUS
Medium-sized or Medium-sized or large enterpriselarge enterprise
Wants an update management solution Wants an update management solution with basic control to update Windows with basic control to update Windows 2000 and newer versions of Windows2000 and newer versions of Windows
MBSA and WSUSMBSA and WSUS
Wants a single flexible update Wants a single flexible update management solution with extended management solution with extended
level of control to update and distribute level of control to update and distribute all softwareall software
Systems Management Systems Management ServerServer
Update Management Solution for Update Management Solution for Consumers and Small OrganizationsConsumers and Small Organizations
• Update management solution Update management solution based on Protect Your PC:based on Protect Your PC:
1.1. Use an Internet firewallUse an Internet firewall
2.2. Get computer updatesGet computer updates• Microsoft UpdateMicrosoft Update
3.3. Use up-to-date antivirusUse up-to-date antivirussoftwaresoftware
• Deploy MicrosoftDeploy Microsoft®® Windows Windows®® XP SP 2XP SP 2
• See the Protect Your PC page See the Protect Your PC page on the Microsoft Security at on the Microsoft Security at Home Web siteHome Web site
Office UpdateOffice Update
• Benefits: Benefits: – Single location for MicrosoftSingle location for Microsoft®® Office updates Office updates– Easy to useEasy to use– Can download delta or full-file versions of updatesCan download delta or full-file versions of updates
• Limitation:Limitation:– Does not support Automatic Updates; updating must be Does not support Automatic Updates; updating must be
initiated manuallyinitiated manually• The Microsoft Update site includes Office updates and supports The Microsoft Update site includes Office updates and supports
Automatic UpdatesAutomatic Updates• Visit the Downloads page of the Microsoft Office Visit the Downloads page of the Microsoft Office
Online Web siteOnline Web site
Size of Size of organizationorganization
ScenarioScenarioUpdate Update
management management solutionsolution
SmallSmallHas one to three servers Has one to three servers
running Windows 2000 or later running Windows 2000 or later and one IT administratorand one IT administrator
MBSA and WSUSMBSA and WSUS
Medium or Medium or largelarge
Wants an update management Wants an update management solution with basic level of solution with basic level of
control that updates computers control that updates computers running Windows 2000, running Windows 2000,
Windows XP, and Windows Windows XP, and Windows Server 2003 and some Microsoft Server 2003 and some Microsoft
applicationsapplications
MBSA and WSUSMBSA and WSUS
Update Management Solution for Small Update Management Solution for Small and Medium-Sized Organizationsand Medium-Sized Organizations
MBSA BenefitsMBSA Benefits
• Scans systems for:Scans systems for:– Missing security updatesMissing security updates
– Potential configuration issuesPotential configuration issues
• Works with a broad range of Microsoft softwareWorks with a broad range of Microsoft software
• Allows an administrator to centrally scan multiple Allows an administrator to centrally scan multiple computers simultaneouslycomputers simultaneously
• MBSA is a free tool, and can be downloaded from the MBSA is a free tool, and can be downloaded from the Microsoft Baseline Security Analyzer page on the Microsoft Microsoft Baseline Security Analyzer page on the Microsoft TechNet Web siteTechNet Web site
MBSA ConsiderationsMBSA Considerations
• Password weaknessesPassword weaknesses• Guest account not disabledGuest account not disabled• Auditing not configuredAuditing not configured• Unnecessary services installedUnnecessary services installed• IIS security issuesIIS security issues• Internet Explorer zone settingsInternet Explorer zone settings• Automatic Updates configurationAutomatic Updates configuration• Windows XP firewall configurationWindows XP firewall configuration
MBSA – How It WorksMBSA – How It Works
Windows Windows Download CenterDownload Center
WSUSScan.cabWSUSScan.cab
MBSAMBSAComputerComputer
MBSA – Scan OptionsMBSA – Scan Options
• MBSA has two scan options:MBSA has two scan options:– MBSA graphical user interface (GUI)MBSA graphical user interface (GUI)– MBSA standard command-line interface (mbsacli.exe)MBSA standard command-line interface (mbsacli.exe)
• When scanning for security updates, you can When scanning for security updates, you can configure MBSA to:configure MBSA to:– Update the Microsoft Update Agent on all scanned Update the Microsoft Update Agent on all scanned
computerscomputers– Use a WSUS server as the update sourceUse a WSUS server as the update source– Use Microsoft Update as the update sourceUse Microsoft Update as the update source
Using the Microsoft Baseline Using the Microsoft Baseline Security AnalyzerSecurity Analyzer
Scan a computer using MBSAScan a computer using MBSA Review an MBSA reportReview an MBSA report Examine the Mbsacli.exe command-line toolExamine the Mbsacli.exe command-line tool
demonstrationdemonstration
WSUS BenefitsWSUS Benefits
• Gives administrators control over update Gives administrators control over update managementmanagement– Administrators can review, test, and approve updates Administrators can review, test, and approve updates
before deploymentbefore deployment
• Simplifies and automates key aspects of the update Simplifies and automates key aspects of the update management processmanagement process– Can be used with Group Policy, but Group Policy is not Can be used with Group Policy, but Group Policy is not
required to use WSUSrequired to use WSUS
• Easy to implementEasy to implement• Free tool from MicrosoftFree tool from Microsoft
Comparing SUS and WSUSComparing SUS and WSUS
• Common FeaturesCommon Features– Can only update computers running Windows XP, Windows 2000, or Can only update computers running Windows XP, Windows 2000, or
Windows Server 2003Windows Server 2003– No option for pushing updates – clients must pull updates from the No option for pushing updates – clients must pull updates from the
serverserver
• WSUS EnhancementsWSUS Enhancements– Expanded support for Microsoft products such as Office, SQL Server, Expanded support for Microsoft products such as Office, SQL Server,
and Exchange Serverand Exchange Server– Can create and manage computer groupsCan create and manage computer groups– More options for managing updatesMore options for managing updates– More options for configuring agentsMore options for configuring agents– More efficient use of network bandwidthMore efficient use of network bandwidth
WSUS – How It WorksWSUS – How It Works
WSUS ServerWSUS Server
Microsoft UpdateMicrosoft Update
Client ComputersClient ComputersGroupGroup
Windows ServersWindows ServersGroupGroup
WSUSWSUSAdministratorAdministrator
Pilot ComputersPilot ComputersGroupGroup
FirewallFirewall
WSUS – Deployment ScenariosWSUS – Deployment Scenarios
Main OfficeMain OfficeWSUS ServerWSUS Server
DisconnectedDisconnectedWSUS ServerWSUS Server
Remote Office Remote Office Client Client ComputersComputers
Main Office ClientMain Office ClientComputersComputers
Regional Client Regional Client ComputersComputers
IndependentIndependentWSUS ServerWSUS Server
ReplicaReplicaWSUS ServerWSUS Server
FirewallFirewall
Microsoft UpdateMicrosoft Update
WSUS – Client ComponentWSUS – Client Component
• The client component of WSUS is Automatic The client component of WSUS is Automatic Updates:Updates:– Can be configured to pull updates either from corporate Can be configured to pull updates either from corporate
WSUS server or from Microsoft UpdateWSUS server or from Microsoft Update– Three ways to configure Automatic Updates:Three ways to configure Automatic Updates:
• Centrally, by using Group PolicyCentrally, by using Group Policy• Manually configure clientsManually configure clients• Use scripts to configure clientsUse scripts to configure clients
– WSUS requires a compatible Automatic Updates clientWSUS requires a compatible Automatic Updates client
WSUS – Server ComponentWSUS – Server Component
• The server component of WSUS is Windows Server The server component of WSUS is Windows Server Update Services (WSUS):Update Services (WSUS):– Can synchronize updates from Microsoft Update on a Can synchronize updates from Microsoft Update on a
scheduleschedule– Provides a Web-based administrative GUIProvides a Web-based administrative GUI– Has several built-in default security featuresHas several built-in default security features– Provides synchronization and update reportsProvides synchronization and update reports– Uses MSDE or SQL Server database to store update Uses MSDE or SQL Server database to store update
metadata, events, and settingsmetadata, events, and settings– Interface is localized in 17 languagesInterface is localized in 17 languages
How to Use WSUSHow to Use WSUS
• On the WSUS server:On the WSUS server:1.1. Administer the WSUS server at Administer the WSUS server at http://<http://<server server
namename>/WSUSAdmin>/WSUSAdmin
2.2. Configure the WSUS server synchronization schedule Configure the WSUS server synchronization schedule and settingsand settings
3.3. Create client computer groups and assign computersCreate client computer groups and assign computers
4.4. Review, test, and approve updatesReview, test, and approve updates
• On each WSUS client:On each WSUS client:– Configure Automatic Updates on the client to use the Configure Automatic Updates on the client to use the
WSUS serverWSUS server
Implementing Windows ServerImplementing Windows ServerUpdate ServicesUpdate Services Configure Windows Server Update ServicesConfigure Windows Server Update Services Configure Group Policy Settings for WSUS Configure Group Policy Settings for WSUS
clientsclients Distribute updates using WSUSDistribute updates using WSUS View WSUS reportsView WSUS reports
demonstrationdemonstration
Migrating from SUS to WSUSMigrating from SUS to WSUS
• You can install SUS and WSUS on the same computer• You can migrate updates and approvals• Use the WSUSUTIL.exe command-line tool• Configure the clients to use the WSUS server• Use the Automatic Update self-update feature to update the
client• For computers running Windows XP
with no Service Packs, first install the SUS Automatic Update client
CapabilityCapability WSUSWSUS SMS 2003SMS 2003
SupportedSupportedPlatforms for Platforms for ContentContent
Windows 2000 Windows 2000
Windows XP Windows XP
Windows Server 2003Windows Server 2003
Windows NTWindows NT®® 4.0 4.0
Windows 98 Windows 98
Windows 2000Windows 2000
Windows XP Windows XP
Windows Server 2003Windows Server 2003
SupportedSupportedContent Content TypesTypes
Security and security rollup Security and security rollup updates, critical updates, updates, critical updates, and service packs for the and service packs for the above operating systems above operating systems and updates for some and updates for some Microsoft applicationsMicrosoft applications
All updates, service packs, All updates, service packs, and updates for the above and updates for the above operating systems; operating systems; supports updates and supports updates and application installations for application installations for Microsoft and other Microsoft and other applicationsapplications
Update Update DistributionDistributionControlControl
BasicBasic AdvancedAdvanced
Update Management Solution for Update Management Solution for Medium-Sized and Large OrganizationsMedium-Sized and Large Organizations
Systems Management Server Systems Management Server BenefitsBenefits
• For a full software distribution update managementFor a full software distribution update management solution, use: solution, use:– System Management Server 2003 orSystem Management Server 2003 or– System Management Server 2.0 with SUS Feature PackSystem Management Server 2.0 with SUS Feature Pack
• Benefits of using System Management Server:Benefits of using System Management Server:– Update managementUpdate management– Automates key aspects of update managementAutomates key aspects of update management– Can update a broad range of Microsoft productsCan update a broad range of Microsoft products– Can be used to update third-party software and Can be used to update third-party software and
install other software updates or applicationsinstall other software updates or applications
Systems Management Server Systems Management Server MBSA IntegrationMBSA Integration
• MBSA integration included with SMS 2003 and MBSA integration included with SMS 2003 and the WSUS Feature Pack for SMS 2.0the WSUS Feature Pack for SMS 2.0
• Scans SMS clients for missing security updates Scans SMS clients for missing security updates using mbsacli.exe /hfusing mbsacli.exe /hf
1.1. SMS directs client to run local MBSA scanSMS directs client to run local MBSA scan
2.2. Client performs scan, returns data to SMS serverClient performs scan, returns data to SMS server
3.3. SMS server parses data to determine which computers SMS server parses data to determine which computers need which security updatesneed which security updates
4.4. Administrator pushes missing updates only to clients Administrator pushes missing updates only to clients that require themthat require them
Systems Management Server Systems Management Server LimitationsLimitations
• Command-line syntax must be configuredCommand-line syntax must be configuredfor unattended installation of each update for unattended installation of each update
• Microsoft Office updates require extraction to Microsoft Office updates require extraction to edit a settings file for unattended installationedit a settings file for unattended installation
• International updates must be manually International updates must be manually downloaded from a Web pagedownloaded from a Web page
FirewallFirewall
Microsoft UpdateMicrosoft Update
Systems Management Server Systems Management Server How It WorksHow It Works
System System Management Management
Server Site ServerServer Site Server
System Management System Management Server Distribution PointServer Distribution Point
System Management System Management Server ClientsServer Clients
System Management System Management Server ClientsServer Clients
System Management System Management Server ClientsServer Clients
System Management Server System Management Server Distribution PointDistribution Point
Best Practices for Update Best Practices for Update ManagementManagement• Implement a good update management processImplement a good update management process• Choose a update management solution that meets Choose a update management solution that meets
your organization’s needsyour organization’s needs• Subscribe to the Microsoft Security Notification Subscribe to the Microsoft Security Notification
ServiceService• Make use of Microsoft guidance and resourcesMake use of Microsoft guidance and resources• Keep your systems up to dateKeep your systems up to date
Session SummarySession Summary
• Implementing security updates promptly is a Implementing security updates promptly is a critical component in a security management critical component in a security management planplan
• Update management needs to follow your Update management needs to follow your standard network management processesstandard network management processes
• For small and medium-sized business, MBSA For small and medium-sized business, MBSA and WSUS together provide an excellent and WSUS together provide an excellent update management solutionupdate management solution
Next StepsNext Steps
1.1. Find additional security training events:Find additional security training events:– The Microsoft Security Events and Webcasts The Microsoft Security Events and Webcasts
Web siteWeb site
2.2. Sign up for security communications:Sign up for security communications:– The Microsoft TechNet Web siteThe Microsoft TechNet Web site
3.3. Order the Security Guidance Kit: Order the Security Guidance Kit: – The Microsoft TechNet Web siteThe Microsoft TechNet Web site
4.4. Get additional security tools and content:Get additional security tools and content:– The Microsoft Security Web siteThe Microsoft Security Web site
Next StepsNext Steps
1.1. Find additional security training events:Find additional security training events:http://www.microsoft.com/seminar/events/security.mspxhttp://www.microsoft.com/seminar/events/security.mspx
2.2. Sign up for security communications:Sign up for security communications:http://www.microsoft.com/technet/security/signup/http://www.microsoft.com/technet/security/signup/ default.mspxdefault.mspx
3.3. Get additional security tools and content:Get additional security tools and content:http://www.microsoft.com/security/guidancehttp://www.microsoft.com/security/guidance
For More Information…For More Information…
• Visit TechNet at Visit TechNet at www.microsoft.com/technetwww.microsoft.com/technet
• Visit Microsoft Security at Visit Microsoft Security at www.microsoft.com/securitywww.microsoft.com/security
Questions and AnswersQuestions and Answers
• Submit text questions using the “Ask” button. Submit text questions using the “Ask” button. • Don’t forget to fill out the survey.Don’t forget to fill out the survey.• For upcoming and previously live webcasts: For upcoming and previously live webcasts:
www.microsoft.com/webcastswww.microsoft.com/webcasts • Got webcast content ideas? Contact us at: Got webcast content ideas? Contact us at: http://http://
go.microsoft.com/fwlink/?LinkIdgo.microsoft.com/fwlink/?LinkId=41781=41781• Today's webcast was presented using Microsoft Today's webcast was presented using Microsoft
Office Live Meeting. Get a free 14-day trial Office Live Meeting. Get a free 14-day trial http://www.microsoft.com/http://www.microsoft.com/presentlivepresentlive