How To Understand Security Terms In A Microsoft Powerbook (Windows) (Windows 2) (Powerbook) (For A Powerbook) And (Windows 3) (Program) (Permanent) (Netware) (Unwin) (

Transcription

1 Wat is nu eigenlijk: "Windows Update" en "WSUS" Van Hecke Vincent

2 Microsoft Patch Management Van Hecke Vincent

3 Topics Terminologie Hoe Microsoft zijn software fixed. Overzicht technologiën en producten: Automatic Updates of WSUS? WSUS Extra s: MBSA,

4 TERMINOLOGIE

5 Important Security Terms Term Vulnerability Threat Attack Countermeasure Definition Software, hardware, a procedural weakness, a feature, or a configuration that could be a weak point exploited during an attack. Also called an exposure. A source of danger. A threat agent attempting to take advantage of vulnerabilities for unwelcome purposes. Software configurations, hardware, or procedures that reduce risk in a computer environment. Also called a safeguard or mitigation.

6 Software Vulnerabilities Term Buffer overrun (overflow) Privilege elevation (escalation) Validation error (source code) Definition An unchecked buffer in a program that can overwrite the program code with new data. If the program code is overwritten with new executable code, the effect is to change the program's operation as dictated by the attacker. Allows users or attackers to attain higher privileges in certain circumstances. Allows malformed data to have unintended consequences.

7 Vulnerability Severity Ratings Rating Critical Important Moderate Low Definition A vulnerability whose exploitation could allow the propagation of an Internet worm without user action. A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources. Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation. A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.

8 STRIDE Model of Threat Categories (1/2) Term Spoofing identity Tampering with data Repudiation Definition Illegally obtaining access and use of another person's authentication information, such as a user name or password. The malicious modification of data. Associated with users who deny performing an action, yet there is no way to prove otherwise.(non-repudiation refers to the ability of a system to counter repudiation threats, and includes techniques such as signing for a received parcel so that the signed receipt can be used as evidence.)

9 STRIDE Model of Threat Categories (2/2) Term Information disclosure Denial of service Elevation (Escalation) of privilege Definition The exposure of information to individuals who are not supposed to have access to it, such as accessing files without having the appropriate rights. An explicit attempt to prevent legitimate users from using a service or system. Where an unprivileged user gains privileged access. An example of privilege elevation would be an unprivileged user who contrives a way to be added to the Administrators group.

10 Threat Agents (1/3) Term Virus Worm Trojan horse Definition An intrusive program that infects computer files by inserting copies of self-replicating code, and deletes critical files, makes system modifications, or performs some other action to cause harm to data on the computer or to the computer itself. A virus attaches itself to a host program. A self-replicating program, often malicious like a virus, that can spread from computer to computer without infecting files first. Software or that professes to be useful and benign, but which actually performs some destructive purpose or provides access to an attacker.

11 Threat Agents (2/3) Term Mail bomb Adware Definition A malicious sent to an unsuspecting recipient. When the recipient opens the or runs the program, the mail bomb performs some malicious action on their computer. Any software application or program in which advertising banners are displayed or Pop-up windows appear while the program is running. Adware is considered "Spyware" and is installed without the user's knowledge.

12 Threat Agents (3/3) Term Spyware Definition Any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Once installed, the Spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about addresses and even passwords and credit card numbers. Spyware is similar to a Trojan horse in that users unwittingly install the product when they install something else. A common way to become a victim of Spyware is to download certain peer-to-peer file swapping products that are available today.

13 Microsoft is committed to protecting customers from security vulnerabilities. As part of this effort, Microsoft makes available periodic releases of software. HOE MICROSOFT ZIJN SOFTWARE FIXED Meer info: Google "Trustworthy Computing"

14

15 MSRC Security Bulletin

16 OVERZICHT TECHNOLOGIEËN EN PRODUCTEN

17 WU: Windows Update MU: Microsoft Update MOU: Microsoft Office Update WSUS: Windows Server Update Services SCCM: System Center Configuration Manager MUC: Microsoft Update Catalog

18 Windows Update

19

20

21

22 Microsoft Update

23 Via Office toepassing

24 Via Windows Update

25

26

27

28

29

30

31 Vergelijking Microsoft Update Windows Update

32 De weg terug naar Windows Update Want eens de agent gekozen voor MU, blijft deze actief tot de WU agent terug wordt geïnstalleerd.

33

34

35

36 Microsoft Office Update

37 Via Windows Update

38

39

40

41 Het update proces

42

43 Het update proces: type updates High priority Critical updates, security updates, service packs, and update rollups. Software (optional) Non-critical fixes for Windows programs Hardware (optional) Non-critical fixes for drivers and other hardware devices

44 Express vs Custom Express (recommended) displays all high priority updates for your computer so that you can install them with one click. This is the quickest and easiest way to keep your computer up to date. Custom displays high priority and optional updates for your computer. You review and select the updates that you want to install, one by one.

45

46

47 De (ongekende?) opties

48

49

50

51

52 WSUS

53 Situering

54 Situering

55 Meerdere WSUS servers

56 Voordelen WSUS Beter beheer van Microsoft Updates, vooral in grotere omgevingen. Rapportering Mogelijks minder trafiek over de internetlijn, indien gebruik makend van centraal repository

57 SCCM

58 SCCM SCCM is eigenlijk grote broer van WSUS. De extra features in SCCM zijn: Inventaris management Geavanceerde rapportering Mogelijkheden om systemen te beheren vanop afstand

59 SCCM

60 Microsoft Update Catalog

61 Windows Update Catalog

62

63

64

65

66

67

68

69 AUTOMATIC UPDATES OF WSUS?

70 The Microsoft way Customer Type Large or Medium Enterprise Large or Medium Enterprise Scenario The organization wants a single, flexible update management solution with an extended level of control that enables them to update (and distribute) all Windows operating systems and applications and also includes an integrated asset management solution. The organization wants a solution for update management only that provides simple updating for Microsoft software initially supporting Windows 2000 and later supporting Office 2003, Office XP, Exchange Server 2000 and later, SQL Server 2000 and later. Customer Choice SCCM WSUS

71 The Microsoft way Customer Type Scenario Customer Choice Small Business Small Business Consumer The business has at least one Windows server and one IT administrator. All other scenarios All other scenarios WSUS Microsoft Update or Windows Update Microsoft Update or Windows Update

72 Automatic Updates

73 Best practise indien: Automatic Updates Installeer overal de Microsoft Update agent (zodat alle software wordt geupdate)

74 WSUS Meer mogelijkheden Vergt ook onderhoud Server nodig

75 WSUS

76 Over WSUS

77 Over WSUS BITS = Background Intelligent Transfer Service WSUS bevat rapportagemogelijkheden WSUS kan op 2 manieren werken: updates van WSUS halen updates van internet halen Command Line mogelijkheden (wsusutil.exe)

78 Installatie documentatie Step-by-step guide FamilyID=C8FA2FD1-72F6-4F19-A1B0- F689DAE14BE6&displaylang=en

79 Installatie

80 Installatie Keuze poort is by default 80 maar kan 8530 zijn

81 Configuratie Firewall!

82 Configuratie

83 Configuratie Groepen

84 Configuratie De keuze is aan u:

85 Configuratie TIP

86 Configuratie TIP SSL? Do not store update file locally? Remote workers

87 Meer documentatie Operations Guide: amilyid=66d250fa-670f-4a49-95ec- 2FFDA7691F55&displaylang=en

88 WSUS Tips

89 WSUS Tips: Cloning machines Als een voor WSUS geconfigureerde machine wordt gecloned (via Ghost, ) dan moet er een registry keys worden verwijderd: HKLM\Software\Policies\Microsoft\Windows\Windo wsupdate HKLM\Software\Microsoft\Windows\CurrentVersio n\windowsupdate

90 WSUS Tips: Forefront Forefront gebruikt WSUS voor zijn updates. Dus GPO setting bepaald frequentie voor het zoeken naar nieuwe virusdefinities. Standaard 22u, best op 1u zetten. Optie Allow automatic update immediate installation enabled. Zodat de virusdefinities worden geïnstalleerd zonder schedule in te stellen Zet wel nog een (dagelijkse?) schedule in voor de product updates.

91 WSUS Tips: Performantie issues svchost/msi performance issue both KB and the new 3.0 client needed update-on.aspx

92 WSUS Tips: Client logging Start, then click Run, type WINDOWSUPDATE.LOG and then click OK. Logging from bottom up. WindowsUpdate.log Is the v6 version windows update.log Is the v4 version

93 WSUS Tips 0x80072EE2 0x80072F78 0x80072F76 0x80072EFD You receive an "Error 0x80072EE2" or "Error 0x80072EFD" error message when you try to use Windows Update Add Windows Update Web sites to the Trusted Sites list

94 WSUS Tips 0x How to troubleshoot problems accessing secure Web pages with Internet Explorer 6 Service Pack 2 (870700) This Windows Update error code is caused by unregistered DLL files for Windows Update or Internet Explorer. On Windows XP SP2 and later this may be resolved using the iexplore /rereg command.

95 WSUS Tips 0x /0x800A01AD These Windows Update error codes can be caused by a damaged Windows XP XML subsystem. The first step to take is to reregister this component using the command regsvr32 msxml3.dll. If this does not resolve the issue, check for more recently updated MSXML Parser and MSXML components from the following link: px?productid=&freetext=msxml&displaylang=e n

96 WSUS Tips When accessing the Update site, you receive the 0x800A01AE error. This issue may happen if the current session of Internet Explorer has cached an older version of Wuapi.dll Re-register the Windows Update DLL with the commands below Click Start, click Run, type cmd, and then click OK. Type the following commands. Press ENTER after each command. regsvr32 wuapi.dll regsvr32 wuaueng.dll regsvr32 wuaueng1.dll regsvr32 wucltui.dll regsvr32 wups.dll regsvr32 wups2.dll regsvr32 wuweb.dll

97 WSUS Tips 0x This Windows Update error code is normally related to inconsistent or damaged information in the c:\windows\softwaredistribution folder. Stopping the Automatic Updates service then renaming the c:\windows\softwaredistribution folder to SDOLD then restarting the Automatic Updates service normally is the fix for this issue. Note: Renaming this folder will clear the display of previous successful and failed updates.

98 WSUS Tips 0x800B0001 This Windows Update error code is related to 3 particular DLL files that are not registered in windows correctly. Registering the following files with REGSVR32 normally fixes this issue: Softpub.dll Mssip32.dll Initpki.dll

99 WSUS Tips 0x C This Windows Update error can be caused by a damaged installation of BITS and corrupted information in the SoftwareDistribution folder. The solution is normally to re-download the BITS updates (KB and KB842773) from the Microsoft.com website, then stop the Automatic Updates service and rename the SoftwareDistribution folder to SDOLD. Reboot the computer and return to Windows Update.

100 WSUS Tips: Client Firewalls Most third party firewalls such as Norton Personal Firewall block SVCHOST (Generic Host Process Win32) communication by default. This can cause issues with Windows Update as SVCHOST communication is required by the Windows Update client to connect to the Windows Update Servers on the internet.

101 WSUS Tips: Diag tools Client diag tool Server diag tool

102

103 WSUS Tips To enable site tracing for a single visit to the Windows Update site, add &dev=true to the end of the URL, as in the example below: ault.aspx?ln=en&dev=true

104 WSUS Tips Backup?

105 WSUS Links

106 WSUS 3.0 SP2 Beta Overview New Windows Server and Client Version Support Integration with Windows Server 2008 R2 Support for Windows 7 client Support for the BranchCache feature on Windows Server 2008 R2

107 WSUS 3.0 SP2 Beta Overview WSUS Beta Feature Improvements and Fixes Auto-Approval Rules New functionality lets you specify the approval deadline date and time. You can now apply a rule to all computers or to specific computer groups. Cross-Version Compatibility The user interface is compatible between Service Pack 1 and Service Pack 2 for WSUS 3.0 on both the client and the server.

108 WSUS 3.0 SP2 Beta Overview Software Updates Stability and reliability fixes for the WSUS server, such as support for IPV6 addresses greater than 40 characters. The approval dialog now sorts computer groups alphabetically by group name. Computer status report sorting icons are now functional in x64 environments. Fixed setup issues with database servers running Microsoft SQL Server 2008.

109 EXTRA S

110 MBSA: Scan for vulnerabilites and look for patches Malicious Software Removal Tool Microsoft Security Assessment Tool

111 Microsoft Technical Security Notifications

112 EINDE