Vulnerability Scanning and Patch Management




Security vulnerabilities remain amongst the most disruptive and damaging types of problem experienced in real-world networks, causing lost time and potentially security breaches to customers. This in turn can soak up large amounts of time remediating the problems and cleaning up the systems. The variety and number of threats continues to increase and it is impractical to manage them without effective tools to automate the process.

Ensuring that your customers' networks have all of the relevant patches applied for the products of all of the key software vendors is one of the most effective pro-active steps you can take towards ensuring the minimum level of disruption for your customers. However, doing this separately across all of the networks for which you are responsible is a tedious and time-consuming task.

To overcome this problem, Dashboard v5.14 and Agent v8.5 Release Candidate include the award-winning vulnerability scanning and patch management technology of GFI LANguard, to provide vulnerability scanning and patch management capabilities to GFI MAX RemoteManagement. This provides an effective and efficient solution not only for Microsoft Windows and Office applications, but also for non-Microsoft applications such as Adobe Reader, Adobe Flash Player, Mozilla Firefox, Mozilla Thunderbird, Java and more.

Follow the simple steps below to scan for vulnerabilities and remediate missing patches on monitored servers and workstations, all from your GFI MAX RemoteManagement Dashboard.

Step 1 Update to Agent v8.5 RC

Vulnerability Scanning and Patch Management requires Advanced Monitoring Agent v8.5 Release Candidate. From the Agent menu, select Download Agent v8.5 RC and run this on each server and workstation on which Vulnerability Scanning and Patch Management is to be enabled.

Alternatively, select Download Site Installation Package to generate a silent installer for installation on multiple workstations via Group Policies or the one-click Remote Worker installer for workstations not connected to Active Directory.

All existing configuration settings are retained when the Agent is updated. The Summary tab displays Agent Supported Features reflecting whether Patch Management is active.

Agent v8.5 should be available on auto-update late October 2010.

www.gfi.com/maxrm

Step 2 Designate a Site Concentrator (Optional)

A typical workstation may require as much as 20-30MB of Microsoft Windows patches alone in any given month. If there are a large number of workstations at a site, then a server at that site running Agent v8.5 can be designated as a Site Concentrator for that site.

The Site Concentrator will download and cache Agent features, vulnerability and patch definition updates as well as the actual patch installation files as they are required by other Agents at the site. These other Agents then download them from the Site Concentrator, ensuring that each patch is downloaded only once and reducing external network traffic.

Select the required site in the Dashboard and then from the Edit menu, select Edit Site and the Site Concentrator tab. Select the server (running Agent v8.5) that is to act as the Site Concentrator and also the port on the server that other Agents at that site should connect to. Please note that if you have a firewall running on the server, you may need to create a rule to allow Agents to connect to this port.

If the Site Concentrator is unavailable for whatever reason, other Agents at the site will download patches directly from the vendors' web-sites as normal.

Step 3 Enable and Configure Vulnerability Scanning and Patch Management

Vulnerability Scanning and Patch Management can be switched on for all servers and workstations, or for servers and workstations at individual clients and sites only, from the Settings menu, Patch Management, Settings.

Should you wish to exclude a server or workstation, or only enable Vulnerability Scanning and Patch Management on specific servers and workstations, this can be done from the Patch Management tab of the Edit Server and Edit Workstation dialogs. (These settings are available to Superusers only.)
By default, servers and workstations will inherit configuration from site, which will in turn inherit from client, which will in turn inherit default configuration for all servers and workstations.

The Vulnerability Check is a Daily Safety Check that runs each day and scans for Missing Patches. This check can operate in Alert Mode, which will cause the check to fail, a red cross to be displayed in the Dashboard and an alert to be sent (if configured) if a missing security patch is detected. Alternatively, this check can operate in Report Mode, which will ensure the check always passes and a green tick is displayed in the Dashboard (even if missing security patches are detected). In either mode, details of the missing security patches will be displayed in the check results in the Dashboard.

The Vulnerability Check can optionally Include Vulnerabilities from databases based on OVAL and SANS Top 20. Please note that the names of vulnerabilities are in English only and may contain profanities. The check can operate in Alert Mode or Report Mode and if vulnerabilities are identified, these will also be displayed in the check results in the Dashboard.

All security patches must be Approved before they can be installed, giving you the flexibility to choose which patches are to be installed on which servers and workstations at each client, allowing you to trial the installation of patches before deploying them to all servers and workstations.

Missing security patches for the operating system represent the most significant threat to a server or workstation and therefore, when missing Microsoft security patches are detected, these can be Automatically Approved depending on the severity so that they are scheduled for installation without any intervention from you. In the Microsoft Patch Auto Approval section you can choose to Automatically Approve, Ignore or Do Nothing (i.e. manually approve at a later date) missing security patches depending on their severity (Critical, Important, Moderate or Low).

Lastly, choose the Installation Schedule for approved security patches. Patches can be installed Manually from within the Dashboard on an ad-hoc basis or Scheduled for installation at a time of your choosing on one or more days of the week.

Please be aware that we are not responsible for the patches you choose to install and any harmful effects they may have on your system.

Step 4 Scan for Missing Security Patches and Vulnerabilities

Once Vulnerability Scanning and Patch Management has been enabled on individual servers and workstations or all servers and workstations at a client or site, Agent v8.5 on each of those servers and workstations will then download, from the Site Concentrator if available, and silently install the required software.

Please note that it will take up to two 24x7 monitoring cycles for Vulnerability Scanning and Patch Management to become active, after which point, the results of the Vulnerability Check will be displayed in the Dashboard alongside the rest of the Daily Safety Checks.

Click the link in the Extra column to open the More Information dialog listing the vulnerabilities and missing security patches that have been identified.

Step 5 Install a Missing Security Patch on an individual server or workstation

The Patches tab for each server and workstation on which Vulnerability Scanning and Patch Management is installed and active will list all required patches for that server or workstation, along with the Status of that patch, which will be one of the following:

» Missing (Patch is required and is awaiting approval for installation)
» Pending (Patch has been approved and is awaiting manual or scheduled installation)
» Installing (Patch is currently being installed)
» Installed (Patch has been installed successfully. The date the patch was installed will also be listed (if it was installed using GFI MAX RemoteManagement).)
» Failed (Installation of the patch was not completed successfully. On a small number of occasions a reboot may be required to complete this installation. In a future release, we hope to be able to indicate if this is the case.)
» Ignored (Patch is required and is missing, but is not approved for installation and will not be listed as missing in future vulnerability checks on this server or workstation)
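An illustrative model, added here and not GFI's code, of how the Microsoft Patch Auto Approval setting from Step 3 resolves through the device, site, client and default levels, and which of the statuses above a newly detected patch receives. The Scope class, the per-severity override granularity, the level names and the patch ids are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

APPROVE, IGNORE, DO_NOTHING = "Approve", "Ignore", "Do Nothing"

# Status a newly detected patch ends up in (Step 5) for each auto-approval action (Step 3).
STATUS_FOR_ACTION = {APPROVE: "Pending", IGNORE: "Ignored", DO_NOTHING: "Missing"}


@dataclass
class Scope:
    """One level of the hierarchy: all devices, a client, a site or a single device."""
    name: str
    parent: Optional["Scope"] = None
    # severity -> action. Assumption: a level overrides individual severities
    # and inherits every severity it does not set from its parent.
    auto_approval: Dict[str, str] = field(default_factory=dict)


def effective_action(scope: Scope, severity: str) -> Tuple[str, str]:
    """Walk device -> site -> client -> defaults; return (action, level that set it)."""
    node: Optional[Scope] = scope
    while node is not None:
        if severity in node.auto_approval:
            return node.auto_approval[severity], node.name
        node = node.parent
    return DO_NOTHING, "no setting"  # nothing configured: wait for manual approval


def triage(device: Scope, detected: Dict[str, str]) -> Dict[str, Tuple[str, str]]:
    """Map each detected Microsoft patch id to (status, level that decided it)."""
    result = {}
    for patch_id, severity in detected.items():
        action, decided_by = effective_action(device, severity)
        result[patch_id] = (STATUS_FOR_ACTION[action], decided_by)
    return result


def awaiting_manual_approval(device, detected, severities=("Critical", "Important")):
    """High-severity patches that no level auto-approved and so sit in 'Missing'."""
    statuses = triage(device, detected)
    return sorted(p for p, sev in detected.items()
                  if sev in severities and statuses[p][0] == "Missing")


# Constructed hierarchy and patch ids (placeholders, not real bulletins).
defaults = Scope("all servers", auto_approval={"Critical": APPROVE, "Important": APPROVE})
client = Scope("client: Example Ltd", parent=defaults)
site = Scope("site: Head Office", parent=client, auto_approval={"Critical": DO_NOTHING})
server = Scope("server: FS01", parent=site, auto_approval={"Low": IGNORE})

DETECTED = {"PATCH-A": "Critical", "PATCH-B": "Important",
            "PATCH-C": "Moderate", "PATCH-D": "Low"}

if __name__ == "__main__":
    for patch, (status, by) in triage(server, DETECTED).items():
        print(f"{patch}: {status} (set at {by})")
    print("needs manual approval:", awaiting_manual_approval(server, DETECTED))
```

The site-level override in the sample is the case worth auditing for: a single Do Nothing set at a site leaves Critical patches waiting in Missing on every device below it, even though the default for all servers is to approve them.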

To trial the installation of one or more patches on one server or workstation only, simply check the missing patches to be installed and then from the Patch drop down, select Approve. These patches have now been approved for installation on this server or workstation only. They will be installed according to the configured schedule, or can be installed on the next 24x7 monitoring cycle by selecting Install Patches Now from the Server drop down.

Step 6 Install a Missing Security Patch on all servers or workstations at a client or site

To deploy one or more missing security patches across multiple servers or workstations at different clients or sites, click Approval Policy (also accessible from Settings menu, Patch Management). The approval policy is a set of one or more rules for each patch that determine what action to take on a server or workstation when identifying and remediating missing security patches.

All security patches that are required on servers and workstations on which Vulnerability Scanning and Patch Management is installed and active will be displayed. The list of security patches can be filtered by Status, by Client or Site, by Severity, by Patch Name or by Product.

The default policy for security patches is Do Nothing, which means that the patch has not been approved for installation (unless it was automatically approved as described in Step 3) and will be listed as missing in the results of future Vulnerability Checks.

Patches can be Approved for installation (or Ignored, in which case they will not be listed as missing in future Vulnerability Checks) on all servers and workstations, or servers and workstations at specific Clients or Sites only (including those on which the Advanced Monitoring Agent may be installed at a later date). To do this, select the required patches, then choose either servers or workstations and the clients and sites where the patch is to be installed, and click Apply.

By default, servers and workstations will Inherit the approval policy for each security patch from the site, which will in turn inherit the policy of the client, which will in turn inherit the policy for all servers or workstations.

Click on any security patch to see the approval policy that exists for that patch as well as a summary of the status of that patch on the servers and workstations on which it is required.

If you wish to set the approval policy for an individual server or workstation only, then this can be done in the Patches tab on the Dashboard as described in Step 5 above.

Step 7 View the results of the Vulnerability Check, Missing and Installed Patches in Reports

Any changes to the configuration of Vulnerability Scanning and Patch Management and all changes to the Approval Policy are included in the User Audit Report, accessible from the Reports menu.

The results of the Vulnerability Check will be included in the Client Daily Report and Client Weekly Report alongside all other Daily Safety Checks (remember that the check can be configured to run in Report Mode to ensure that it always passes, even when missing security patches and vulnerabilities are identified).

Optionally, in your Client Monthly Reports, you can include the list of security patches installed in the last calendar month along with the date installed (if installed by GFI MAX RemoteManagement) as well as those that have been identified as missing. This can be done for all clients (Settings Menu, Default Monthly Report Content) or for specific clients only (Settings Menu, Client Report Settings, Monthly Reports, Override Content), enabling you to demonstrate the work you do each month on your clients' behalf to keep their systems up-to-date and disruption to a minimum. Please note missing security patches cannot be included without also including installed security patches.

From the Reports menu, there is the Patch Management Overview Report that displays, for each status selected (Missing, Pending, Installed etc.), the security patches required on each server and workstation on which Vulnerability Scanning and Patch Management is installed and active, along with the status of the patch and the date installed (if installed by GFI MAX RemoteManagement).

You can choose to Group by Device (for each server and workstation, list the patches it requires), allowing you to quickly see how up-to-date all of your clients' servers and workstations are and where your time should be spent to keep disruption to a minimum. Or you can choose to Group by Patch (for each patch, list the servers and workstations on which it is required), allowing you to see if a critical security patch has been installed on all servers and workstations on which it is required.

The Patch Management Overview Report can be generated for all clients or for a specific client only and you could use this to sell a security patch update service (list missing security patches at the client) and then demonstrate the work you have done (list installed security patches at the client).

TC/0002/v1.0/EN

© 2010 GFI Software. All rights reserved. All product and company names herein may be trademarks of their respective owners.