Microsoft Software Update Services and Managed Symantec Anti-virus
Michael Satut
TSS/Crown IT Support
m-satut@northwestern.edu

Introduction
- The recent increase in virus and worm activity has created the constant need to both manually patch Microsoft Windows operating systems and update the virus protection of desktop computers
- During the lag between availability of updates and actual installation of these updates, desktop computers are vulnerable to both exploit and virus infection
- Microsoft SUS and Managed SAV were implemented at School of Communication and then Crown as a more automatic, manageable and efficient solution

SUS- Definition
Microsoft Software Update Services (SUS) enables administrators to quickly and reliably deploy the latest critical updates and security updates to Windows 2000 and Windows Server 2003-based servers, as well as to desktop computers running Windows 2000 Professional or Windows XP Professional (http://www.microsoft.com/sus).

SUS- Benefits
- Gives the local administrator control over when updates are published
- Automatic installation of approved updates
- Greatly reduces the gap between release and the deployment of patches
- Eliminates the need for individual computer visits for the purpose of MS updates
- Allows for various scheduling options
- Downloads occur in the background
- The software is free from Microsoft

SUS- How it works
Automatic Updates is a proactive pull service that allows for automatic detection, download, and installation of required Windows updates such as critical operating system fixes and Windows security patches (http://www.microsoft.com/sus).

SUS- Implementation
- Easily implemented and controlled via Active Directory group policy

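One way to confirm on a client that the group policy described above actually took effect, as an added example that is not part of the original presentation: the script reads the Automatic Updates policy values from the registry and reports settings that would leave the client unpatched. The server URL http://sus.example.edu and the function names are placeholders chosen for illustration.

```powershell
# Added example. Value names are the Automatic Updates policy values under
# HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate and its AU subkey.
function Get-SusClientPolicy {
    # Merge both policy keys into one hashtable; a missing key yields no entries.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $merged = @{}
    foreach ($key in @($base, "$base\AU")) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            # Skip the provider's own PS* bookkeeping properties.
            if ($p.Name -notlike 'PS*') { $merged[$p.Name] = $p.Value }
        }
    }
    $merged
}

function Test-SusClientPolicy {
    # Returns one string per problem found; no output means the policy looks right.
    param([hashtable]$Policy, [string]$ExpectedServer)
    $findings = @()
    if ($Policy['UseWUServer'] -ne 1) {
        $findings += 'UseWUServer is not 1: client still pulls from public Windows Update'
    }
    foreach ($name in 'WUServer', 'WUStatusServer') {
        if ("$($Policy[$name])".TrimEnd('/') -ne $ExpectedServer.TrimEnd('/')) {
            $findings += "$name is '$($Policy[$name])', expected '$ExpectedServer'"
        }
    }
    if ($Policy['NoAutoUpdate'] -eq 1) {
        $findings += 'NoAutoUpdate is 1: Automatic Updates is disabled'
    }
    if ($Policy['AUOptions'] -ne 4) {
        $findings += "AUOptions is '$($Policy['AUOptions'])', not 4 (scheduled install): updates wait for a user"
    }
    $findings
}

# Constructed sample: correct server, but updates only download and notify (AUOptions 3).
$sample = @{ WUServer = 'http://sus.example.edu'; WUStatusServer = 'http://sus.example.edu'
             UseWUServer = 1; NoAutoUpdate = 0; AUOptions = 3 }
Test-SusClientPolicy -Policy $sample -ExpectedServer 'http://sus.example.edu'

# On a real client, audit the live registry instead of the sample:
# Test-SusClientPolicy -Policy (Get-SusClientPolicy) -ExpectedServer 'http://sus.example.edu'
```
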
SUS- Management
- Remote administration via HTTP or HTTPS, using a web-based interface
- Manual or scheduled synchronization with public Windows Update service
- Allows for selective content approval

SUS Screenshot 1
SUS Screenshot 2
SUS- Requirements
Clients
- Windows 2000 SP3, Windows XP SP1 or later versions require no additional software
- Windows 2000 SP2 or Windows XP RTM require an MSI installation of the client
Server
- Microsoft Windows 2000 or 2003 server
- Internet Information Services (IIS) must be enabled on the server
- An Intel x86 or compatible P700-level processor, 512 megabytes (MB) of RAM, and 6 gigabytes (GB) of available hard-disk space

Managed SAV- Definition
A managed Symantec Anti-Virus environment creates two-way communication between your clients and your parent server. This allows for direct oversight and management of client configuration and virus definitions.

Managed SAV- Benefits
- More timely and controlled distribution of virus definitions
- Allows for oversight of all managed clients' antivirus protection and status
- Eliminates the need for individual computer visits to manually update virus definitions
- Downloads occur in the background
- The software is also free (NU site-licensed)

Managed SAV- How it works
Push and Pull technology
- On demand, administrators can:
  - Initiate a server push of new virus definitions
  - Start a virus sweep of all managed clients
- On the hour, clients will check in with server to:
  - Pull new virus definitions and configuration changes
  - Report current individual status to server

Managed SAV- Implementation
- Install server version of SAV
- Install Symantec System Center Console
- Convert clients to managed:
  - Login scripts or manual install on each client
- Determine virus definition source:
  - LiveUpdate vs. Intelligent Updater

Managed SAV- Management
- Management through Symantec System Center Console
- View and modify client configuration and status
- Verify clients' virus definitions
- Push updates or start a virus sweep

Managed SAV- Requirements
Server
- Microsoft Windows NT4 SP6, 2000 or 2003
- Intel Pentium processor
- Static IP addresses (recommended)
- Can be an existing file server or domain controller
- Also NetWare compatible
Client firewall
- For full functionality, desktop firewall software needs to have port 2967/UDP open

Examples
School of Communication
- Large user base
- Difficult and time consuming to visit all machines as often as needed for AV and MS Updates
Crown
- Small user base, but high profile
- Needed to decrease lag and increase security

Bottom line
- Installation of these two services will reduce client visits and increase your baseline of security
- Since its inception at Crown there has only been one virus infection
  - This infection was by Novarg/MyDoom, and occurred both because the virus arrived before definitions became available and because of user execution of the attachment despite multiple warnings
- This is not a complete solution. It is still important to:
  - Educate your users
  - Consider both software and hardware based firewalls
  - Use strong passwords on all accounts
  - Disable unnecessary services

Questions?
- More information on SUS: http://www.microsoft.com/sus
- More information on SAV: \\chocolate.tss.northwestern.edu\navadmin\docs