INTERNATIONAL JOURNAL OF COMPUTER ENGINEERING & TECHNOLOGY (IJCET)



International Journal of Computer Engineering and Technology (IJCET), ISSN 0976-6367 (Print), ISSN 0976-6375 (Online), Volume 3, Issue 1, January-June (2012), pp. 250-257. IAEME: www.iaeme.com/ijcet.html. Journal Impact Factor (2011): 1.0425 (calculated by GISI), www.jifactor.com

PATCH MANAGEMENT AND ANALYSING STRATEGY FOR MICROSOFT BULLETIN SECURITY

A. Sankara Narayanan, M. Syed Khaja Mohideen, and M. Mohamed Ashik
Department of Information Technology, Salalah College of Technology, Salalah, Oman
sankar2079@gmail.com, mohamed.syedkhaja@gmail.com, mohamed_ashik@yahoo.co.uk

ABSTRACT
As many realize, patching computers is a fact of life and part of a defense-in-depth security strategy. While it is essential to protect company IT assets from attack, patching vulnerabilities is only one part of the risk equation. System administrators often treat patching as a single step that delivers a secure computing landscape. In reality, the patching process is a continuous cycle that must be followed strictly, and each step in the process must be tuned and modified based on previous successes and failures. Security fixes and feature improvements do not benefit the end user of software if the update mechanism and strategy are not effective. This paper is written for information technology managers and system administrators who want to automatically and securely keep all the computers in their network up to date with security patches and other updates. It presents one methodology for identifying, evaluating and applying security patches in a real-world environment, along with descriptions of some useful tools that can be used to automate the process.

KEYWORDS
Patch Management, Diffing, Security Patch, Patch Analyzer

1. INTRODUCTION
Microsoft patches are usually released on the second Tuesday of each month.
Starting with Windows 98, Microsoft included a "Windows Update" system that checked for patches to Windows and its components, which Microsoft released intermittently. With the release of Microsoft Update, this system also checks for updates to other Microsoft products, such as Office, Visual Studio and SQL Server. Patch Tuesday releases begin at 17:00 or 18:00 UTC (10:00 Pacific time; the UTC hour shifts with daylight saving). Sometimes there is an out-of-band ("extraordinary") Patch Tuesday 14 days after the regular one. There are also updates which are published daily (e.g. definitions for Windows Defender and Microsoft Security Essentials) or irregularly. Microsoft appears to follow a pattern of releasing a larger number of updates in even-numbered months and fewer in odd-numbered months [8].

Earlier versions of the Windows Update system suffered from two problems. The first was that less experienced users were often unaware of Windows Update and did not run it; Microsoft's solution was "Automatic Updates", which notified each user that an update was available for their system. The second was that customers with many copies of Windows, such as corporate users, not only had to update every Windows deployment in the company but also had to uninstall patches issued by Microsoft that broke existing functionality. In order to reduce the costs related to the deployment of patches, Microsoft introduced "Patch Tuesday" in October 2003. In this system, security patches are accumulated over a period of one month and then dispatched all at once on the second Tuesday of the month, an event for which system administrators can prepare. Some speculate that Tuesday was selected so that post-patch problems could be discovered and resolved before the weekend, although certainly not every patch-induced problem can be cured in that time. The non-Microsoft terms for the following day are "Exploit Wednesday" and "Day Zero", when attacks may be launched against the newly announced vulnerabilities; the released patches themselves can be analysed (Section 2.1) to locate the flaws they fix.

2. PATCH ANALYSIS
The operating system is divided into multiple components. Each component can consist of one or more files, registry keys, configuration settings, etc. Windows Serviceability (WinSE) releases updates based on components rather than the entire operating system, which avoids much of the overhead of reinstalling components that have not changed. Depending on the severity and applicability of the problem, there are different release mechanisms. When an individual customer reports a bug to Microsoft for a specific scenario, the WinSE team releases a hotfix to address it [17].
Hotfixes are not meant to be widely distributed and go through a limited amount of testing because of the customer's need for an urgent fix. Hotfixes are developed in a separate environment from the regular updates, which allows Microsoft to release updates that do not include the hotfix files, thereby minimizing risk for customers who do not need them. Once the hotfix is ready and packaged by WinSE, a Knowledge Base (KB) article is written describing the problem, with instructions on how to obtain the hotfix. Microsoft recommends that only customers experiencing the particular problem install the hotfix for it.

Patched binaries are released in two flavours: GDR (General Distribution Release) and QFE (Quick Fix Engineering), also called LDR (Limited Distribution Release) [18]. The GDR branch of a binary contains only the security-related changes that have been made to it. The QFE/LDR branch contains both the security-related changes and any functionality changes (hotfixes) made to it. In general, when you update a server from Windows Update, the operating system prefers the GDR (security-only) branch. If, however, you have manually installed a non-security hotfix that updates a file on your system, that file will from then on be updated from the QFE/LDR branch, because a GDR binary would silently remove the hotfix. The term QFE is an old one that is mostly no longer used in reference to current versions of Windows; LDR is the usual name. For patch analysis this matters: when diffing (Section 2.1), compare files from the same branch, because a GDR binary diffed against an LDR binary shows the accumulated hotfix changes as well as the security fix.

2.1 DIFFING
Diffing is the practice of comparing two things for differences, especially after some change has been made. The two things in question could be files, registry entries, memory contents, packets, e-mails, almost anything. The general principle is that you take some sort of snapshot of the item in question (for example, if it is a file, save a copy of the file), perform the action you think will cause a change, and then compare the snapshot with the current item to see what changed. In computing, diff is a file comparison utility that outputs the differences between two files [16]. It is typically used to show the changes between one version of a file and a former version of the same file. Diff displays the changes made per line for text files; modern implementations also support binary files. The output is called a "diff", or a patch, since the output can be applied with the Unix program patch. The output of similar file comparison utilities is also called a diff; like the use of the word "grep" for describing the act of searching, the word diff is used in jargon as a verb for calculating any difference. Diffing is a highly successful tactic that attackers use to analyse different versions of the same file in order to pinpoint the differences between them, and thereby the vulnerability a patch fixes. This comparative technique has been used by attackers for years. Now we are going to work with a real analysis. The two files compared are:

File name: Msvcm80.dll
File description: Microsoft C Runtime Library, Microsoft Visual Studio 2005
Version: 8.00.50727.762
File size: 0.12 MB

File name: Msvcm80d.dll
File description: Microsoft C Runtime Library, Microsoft Visual Studio 2005
Version: 8.00.50727.762
File size: 0.22 MB

Note that the "d" suffix marks the debug build of the same runtime version, so this comparison contrasts the release and debug builds rather than a pre-patch and post-patch version of one binary; the large difference counts below reflect that.

Figure 1. Diffing tool (Compare Suite) with the two files loaded

Table 1. Diffing results

                        MSVCM80.DLL            MSVCM80D.DLL
File date/time          13/11/2009 14:07:42    12/03/2012 12:55:24
Similarity              4% (between the two files)
Added lines/words       37861                  747149
Modified lines/words    22708                  296261
Deleted lines/words     4325                   124799
Total words             563316                 1188677
Total chars             2007380                4254294

Chart 1. Comparison of the two files (graphical form of Table 1)

As Table 1 shows, both the dates and the measured values of the two files differ. Compare Suite is a very flexible tool. Once you have chosen your files, you can also choose how to compare them: compare by keywords to find similarities between unrelated documents, compare drafts of the same document word by word, or compare character by character, which suits software developers. Compare Suite can also report the number of words in your documents, the number of changes between them, and more. Set up a list of your interests, and Compare Suite will watch for these personal keywords in every document. Many diffing tools are available on the market, but most of them support only text, HTML, Word documents, C source code, etc. The tool used here also accepts DLL and EXE files. Note, however, that a text-oriented comparison of executables reports differences in arbitrary "lines" and "words" of machine code rather than in functions or instructions; for locating a fixed vulnerability, a binary diffing tool that compares the two files at the function and basic-block level (such as DarunGrim [4]) gives far more useful output.
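The comparison above counts lines and words. The following Python script, added here as an example and not part of the paper or of Compare Suite, reproduces the same kind of tally (added, modified, deleted, similarity) with the standard library's difflib on two constructed versions of an update-client configuration file, emits the unified-diff "patch" form of the result, and shows what a byte-level comparison of a binary yields. The configuration text and the byte strings are constructed for the example and come from no real system.

```python
"""Line- and byte-level diffing in the spirit of Section 2.1.

Added example (not from the paper or Compare Suite): two versions of a
constructed update-client configuration are compared, and the counts Compare
Suite reports in Table 1 (added, modified, deleted, similarity) are derived
from difflib's matching blocks.  A second helper does the same on raw bytes,
which is the most a text-oriented tool can do with a DLL.
"""
import difflib

# Constructed sample input: a configuration file before and after an
# administrator hardened it.  Not taken from any real system.
OLD_CONFIG = """[update]
server=wsus.example.local
port=8530
use_tls=no
classification=Critical Updates
reboot=never
""".splitlines()

NEW_CONFIG = """[update]
server=wsus.example.local
port=8531
use_tls=yes
classification=Critical Updates
classification=Security Updates
reboot=scheduled
""".splitlines()


def diff_report(old_lines, new_lines):
    """Return counts of added/modified/deleted lines and a similarity percentage.

    A 'replace' opcode pairs old and new lines one-to-one as 'modified'; any
    excess on one side is counted as added or deleted, matching how a
    line-oriented comparison tool reports such a change.
    """
    sm = difflib.SequenceMatcher(a=old_lines, b=new_lines, autojunk=False)
    counts = {"added": 0, "modified": 0, "deleted": 0}
    for tag, i1, i2, j1, j2 in sm.get_opcodes():
        if tag == "insert":
            counts["added"] += j2 - j1
        elif tag == "delete":
            counts["deleted"] += i2 - i1
        elif tag == "replace":
            old_n, new_n = i2 - i1, j2 - j1
            counts["modified"] += min(old_n, new_n)
            if new_n > old_n:
                counts["added"] += new_n - old_n
            else:
                counts["deleted"] += old_n - new_n
    # ratio() is 2*matches/total, the same idea as the "Similarity" row of Table 1
    counts["similarity_pct"] = round(sm.ratio() * 100, 1)
    return counts


def changed_lines(old_lines, new_lines):
    """Unified diff as a list of lines, i.e. the 'patch' form of the output."""
    return list(difflib.unified_diff(old_lines, new_lines, "old", "new", lineterm=""))


def changed_ranges(old_bytes, new_bytes):
    """Byte ranges that differ between two binaries, as (tag, i1, i2, j1, j2).

    This is what a text-oriented diff of a DLL reduces to: offsets, not
    functions.  Mapping the offsets to instructions in a disassembler is the
    next step; a binary diffing tool does that mapping for you.
    """
    sm = difflib.SequenceMatcher(a=old_bytes, b=new_bytes, autojunk=False)
    return [(tag, i1, i2, j1, j2)
            for tag, i1, i2, j1, j2 in sm.get_opcodes() if tag != "equal"]


if __name__ == "__main__":
    print(diff_report(OLD_CONFIG, NEW_CONFIG))
    print("\n".join(changed_lines(OLD_CONFIG, NEW_CONFIG)))
    # constructed stand-in for two builds of a small binary blob
    print(changed_ranges(b"HDR|ver=1.0|chk=off|END", b"HDR|ver=1.1|chk=on|END"))
```

On the constructed configuration the report is 1 added, 3 modified, 0 deleted and 46.2% similarity; the byte-level helper returns only the two changed offset ranges, which is the level of detail a text tool can offer for a DLL.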

3. MICROSOFT SECURITY ADVISORIES
This bulletin summary lists a security bulletin released for March 2012 (http://technet.microsoft.com/en-us/security/bulletin/ms12-mar).

Table 2. Executive summary

Bulletin ID: MS12-021
Bulletin title and executive summary: Vulnerability in Visual Studio Could Allow Elevation of Privilege (2651019). This security update resolves one privately reported vulnerability in Visual Studio. The vulnerability could allow elevation of privilege if an attacker places a specially crafted add-in in the path used by Visual Studio and convinces a user with higher privileges to start Visual Studio. An attacker must have valid logon credentials and be able to log on locally to exploit this vulnerability. The vulnerability could not be exploited remotely or by anonymous users.
Maximum severity rating and vulnerability impact: Important, Elevation of Privilege
Restart requirement: May require restart
Affected software: Microsoft Visual Studio

The naming of Microsoft Security Bulletins follows a fixed convention. For example, MS12-021 breaks down as:
MS   Microsoft
12   the year the bulletin was published (2012)
021  the bulletin number within that year (the 21st bulletin of 2012)

The Microsoft Security Response Center (MSRC) uses severity ratings to help organizations determine the urgency of vulnerabilities and related software updates.

Table 3. Severity rating system

Rating     Definition
Critical   A vulnerability whose exploitation could allow the propagation of an Internet worm without user action.
Important  A vulnerability whose exploitation could result in compromise of the confidentiality, integrity, or availability of users' data, or of the integrity or availability of processing resources.
Moderate   Exploitability is mitigated to a significant degree by factors such as default configuration, auditing, or difficulty of exploitation.
Low        A vulnerability whose exploitation is extremely difficult, or whose impact is minimal.
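The release cadence described in the Introduction and the ID and severity conventions in this section are easy to get wrong by hand. The following Python script, added as an example and not part of the paper, computes the Patch Tuesday, Exploit Wednesday and out-of-band dates for any month, parses MSyy-nnn bulletin IDs into year and sequence number, and orders a bulletin list by MSRC rating so the most urgent deployments come first. The bulletin list is a constructed sample of three March 2012 bulletin IDs with their published maximum ratings; the deployment deadline per rating (DEPLOY_WITHIN) is an assumed illustrative policy, not MSRC guidance and not from the paper.

```python
"""Patch-cycle arithmetic for the conventions in the Introduction and Section 3.

Added example (not from the paper): computes the Patch Tuesday date for a
month, the "Exploit Wednesday" that follows and the out-of-band date 14 days
later, parses MSyy-nnn bulletin IDs, and orders a bulletin list by MSRC
severity.  Deployment deadlines are NOT part of the paper: DEPLOY_WITHIN is an
illustrative policy to replace with your own SLA.
"""
import datetime as dt
import re

SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}

# Assumed policy for illustration only: days after release by which a patch of
# each rating should be deployed.
DEPLOY_WITHIN = {"Critical": 7, "Important": 30, "Moderate": 60, "Low": 90}

BULLETIN_RE = re.compile(r"^MS(\d{2})-(\d{3})$")


def patch_tuesday(year, month):
    """Second Tuesday of the given month (Python: Monday is weekday 0, Tuesday 1)."""
    first = dt.date(year, month, 1)
    days_to_first_tuesday = (1 - first.weekday()) % 7
    return first + dt.timedelta(days=days_to_first_tuesday + 7)


def cycle_dates(year, month):
    """Key dates of one monthly cycle as described in the Introduction."""
    pt = patch_tuesday(year, month)
    return {
        "patch_tuesday": pt,
        "exploit_wednesday": pt + dt.timedelta(days=1),
        "out_of_band_tuesday": pt + dt.timedelta(days=14),
    }


def parse_bulletin_id(bulletin_id):
    """'MS12-021' -> (2012, 21); raises ValueError on anything else."""
    m = BULLETIN_RE.match(bulletin_id.strip().upper())
    if not m:
        raise ValueError(f"not a bulletin ID: {bulletin_id!r}")
    return 2000 + int(m.group(1)), int(m.group(2))


def deployment_plan(bulletins, release_date):
    """Order bulletins by severity, then by sequence number, and attach a due date."""
    plan = []
    for b in bulletins:
        year, seq = parse_bulletin_id(b["id"])
        due = release_date + dt.timedelta(days=DEPLOY_WITHIN[b["rating"]])
        plan.append({"id": b["id"], "year": year, "seq": seq,
                     "rating": b["rating"], "due": due,
                     "_rank": SEVERITY_RANK[b["rating"]]})
    plan.sort(key=lambda p: (p["_rank"], p["seq"]))
    for p in plan:
        del p["_rank"]
    return plan


# Constructed sample: three bulletin IDs from the March 2012 summary with the
# maximum severity rating each one was published with.
MARCH_2012 = [
    {"id": "MS12-021", "rating": "Important"},   # Visual Studio EoP (Table 2)
    {"id": "MS12-020", "rating": "Critical"},    # Remote Desktop RCE
    {"id": "MS12-018", "rating": "Important"},   # Windows kernel-mode drivers EoP
]

if __name__ == "__main__":
    dates = cycle_dates(2012, 3)
    for name, day in dates.items():
        print(f"{name:20s} {day}")
    for p in deployment_plan(MARCH_2012, dates["patch_tuesday"]):
        print(p["id"], p["rating"], "due", p["due"])
```

For March 2012 the script yields Patch Tuesday on 13 March, Exploit Wednesday on 14 March and a possible out-of-band release on 27 March, and it places the Critical MS12-020 ahead of the two Important bulletins regardless of their sequence numbers.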

3.1 Patch management
Patch management is one of the most critical and complex Windows-security-related issues. Security patch management is an important process on all platforms: every major software vendor that is committed to security releases security patches in response to newly identified vulnerabilities. There is no widely used operating system or application that is immune from attackers who spend their time trying to locate vulnerabilities to exploit. Patch management describes the tools, utilities, and processes for keeping computers up to date with the software updates that are developed after a software product is released.

Windows Server Update Services (WSUS) is Microsoft's tool for the management and distribution of Windows patches. These patches address known security vulnerabilities and stability issues in Microsoft Windows 2000, Windows XP, Windows Vista, Windows 7, Windows Server 2003 and Windows Server 2008. Currently, WSUS provides:
- Windows critical updates
- Windows critical security updates
- Windows security roll-ups
- patches for other Microsoft products such as Microsoft Office or Exchange Server

It is not possible to use WSUS on its own to deploy your own updates or third-party updates; publishing third-party packages through WSUS requires additional tooling such as System Center Updates Publisher. Version upgrades of components such as Internet Explorer are a separate matter: WSUS provides the latest patches available for the version currently running on your system, and a newer version is offered only if Microsoft publishes it to WSUS as an update rollup and the administrator approves it.

Figure 2. Microsoft Baseline Security Analyzer

Installation: download the MBSASetup-x86-EN file (1588 KB) to your computer, double-click the file, click Run, click Next, select "I accept the licence agreement", click Next, click Next, click Install and click OK.

Usage:
a) Scan a computer: checks one computer by name or IP address; this scan is intended for home or personal computers. Click "Scan a computer", enter the IP address or computer name and click "Start Scan". MBSA first downloads the current Microsoft security update catalogue online and then scans the system.
b) Scan multiple computers: checks multiple computers by domain name or by a range of IP addresses; this scan is intended for a network environment. Click "Scan multiple computers", enter the domain name or IP address range and click "Start Scan". MBSA downloads the current catalogue and then scans the systems.

For both scans the detailed report shows results for Security Updates, Administrative Vulnerabilities, Additional System Information, Internet Information Services, SQL Server and Desktop Applications. Remote scanning needs administrative rights on the target machines and access to their Remote Registry service and administrative shares, and a report is only a snapshot: rescan after every deployment to confirm that the missing updates were actually installed.

4. CONCLUSION
For an organization to implement a sound patch management process, time and dedication need to be given up front to define a solid process. Before you can dive into a patch deployment process, you must establish the prerequisites for implementing it: knowing your computing environment, preparing end

user education, assigning responsibilities, understanding the current process, and developing a chain of communication. This paper has presented one methodology for identifying, evaluating and applying security patches in a real-world environment, along with descriptions of some useful tools that can be used to automate the process, and has described the end user's security exposure and the complexity of the task of keeping their systems secure.

5. REFERENCES
[1] http://dl.packetstormsecurity.net/papers/presentations/patching-ms.pdf
[2] http://mis.umsl.edu/bov/bov04-1.pdf
[3] http://www.sans.org/reading_room/whitepapers/bestprac/practicalmethodology-implementing-patch-management-process_1206
[4] http://www.darungrim.org/
[5] http://blog.eeye.com/patch-tuesday/microsoft-patch-tuesday-august-2010
[6] http://www.viewfinity.com/Resources/WhitePapers/Viewfinity_Privilege_Management_mitigates_Microsoft_Patch_Vulnerabilities.pdf
[7] http://csrc.nist.gov/publications/nistpubs/800-40-ver2/sp800-40v2.pdf
[8] http://en.wikipedia.org/wiki/patch_tuesday
[9] http://technet.microsoft.com/en-us/security/bulletin/ms12-feb
[10] http://www.phreedom.org/presentations/reverse-engineering-andsecurity/reverse-engineering-and-security.pdf
[11] http://www.computerweekly.com/blogs/it-fud-blog/2011/11/microsoft-patchtuesday-compat.html
[12] http://www.abysssec.com/blog/2008/11/27/microsoft-patch-analysis-binarydiffing/
[13] http://technet.microsoft.com/en-us/library/cc512589.aspx
[14] http://www.windowsecurity.com/uplarticle/patch_management/asg_Patch_Mgmt-Ch2-Best_Practices.pdf
[15] http://technet.microsoft.com/en-us/library/cc768045.aspx
[16] http://en.wikipedia.org/wiki/diff
[17] http://blogs.msdn.com/b/ntdebugging/archive/2008/10/21/windows-hotfixesand-updates-how-do-they-work.aspx
[18] http://blogs.technet.com/b/instan/archive/2009/03/04/qfe-vs-gdr-ldrhotfixes.aspx