ZENworks Patch Management Doc Hodges Opportunity Response Team Novell, Inc.
Are you prepared for business continuity threats? Unstable, malfunctioning systems resulting from attacks by viruses, worms and other malicious software; data loss resulting from lack of consistent, timely backups; user tinkering resulting in broken workstations; hours of effort per system resulting from manual distribution of software; lost productivity resulting from hours of needless user desktop customization; lack of consistent operating environment preventing rapid system recovery; months of lost effort resulting from manual patch installation.
Threats to Resource Integrity: viruses, user errors, human clumsiness, theft, hackers, natural disasters, hard drive failure, power surge/failure, faulty hardware.
A new approach: consolidated Resource Management
Resource Management Stack [stack diagram labels: Remote Mgmt, Inventory, Personality, Data, User Profile, Patch, Update, App Deployment, OS Deployment, Pre Boot, Security Policy, ZENworks Resource Management, Bare Metal]
Novell ZENworks 6.5: complete IT resource management for enterprise-wide efficiency. ZENworks Desktop Management, Linux Management, Server Management, Data Management, Handheld Management.
ZENworks Linux Management: powerful and secure Linux software management. ZENworks Linux Management provides IT administrators and managers with centralized control over Linux software configurations across their server and workstation infrastructures.
ZENworks Manages Linux Environments: support for SUSE, Red Hat, Linux updates; cross-distribution software package deployment, conflict resolution, update and rollback; secure, scalable deployment; intuitive installation; complete web console; scriptable command-line interface; on-demand or scheduled updating; customizable software library.
ZENworks Linux Management: The Best RPM Solution. Resolves recursive dependencies: can graph all requirements for packages to be installed against currently installed packages, and packages available but not installed on the system. Organizes software: allows RPMs to be organized into channels for better management. Controls distribution: allows managed systems to be grouped to control software distribution across the entire organization.
ZENworks Linux Management won Best System Management tool
Virus History: The CSI/FBI Computer Crime Lab and Security Survey (2003) estimates that 83% of organizations experiencing virus attacks in 2002 suffered an associated loss of $27 million. The LoveLetter virus alone inflicted over 8.75 billion in damages worldwide in a year in which organizations suffered a total of $17.1 billion in virus-related costs.
Virus Mania. In 2003: SQL Slammer Worm, estimated $1.25 billion damages; Blaster Worm, estimated $2 billion damages. In 2004: Bizten Trojan, Gaobot Worm, Mimmail Worm, Opaserv Worm, Backdoor.Sdbot Trojan, Xombe Trojan, Backdoor.Threadsys Trojan, PWSteal Worm, MyDoom Worm, Hostidel Trojan, HLLW.Chemsvy Worm, Dumaru Worm, Holar G Worm. 49 new viruses between Jan 1 and Feb 4th 2004.
Patches and Pattern Files: Currently users combat viruses with virus pattern updates and patches on OS and applications. Security Focus reported 223 vulnerabilities requiring a patch in Microsoft products alone in 2003. Security Focus reports a total of 35 vulnerabilities in all tracked products in January 2004.
Applying Patches
SneakerNet Patching: SneakerNet = running around, manually patching each server and desktop and then verifying the patch (e.g. Windows Update). Network Fusion says: "...many network administrators essentially tracked patch status in their head, fixing holes on the fly. But in the last 2 years, the sheer complexity of networks and number of patches have rendered this approach ineffective."
SneakerNet - Do The Math. Medium-sized network: 10 servers, 1000 desktops. Average patches: 2 per week. Installations + reboots = 404 per day. Assume a fast 30-minute apply and patch = 202 hours. You need to spend 202 hours each day to apply patches!
Viruses come after the patches: "[Microsoft has] never had vulnerabilities exploited before the patch was known" - David Aucsmith, Chief Technology Officer, Security Business Unit, Microsoft Corp. (BBC News, February 26, 2004, http://news.bbc.co.uk/2/hi/technology/3485972.stm)
The Forensics of a Virus - Blaster
July 1 - Report (vulnerability reported to us / patch in progress): Vulnerability in RPC/DCOM reported. MS activated highest level emergency response process.
July 16 - Bulletin (bulletin & patch available, no exploit): MS03-026 delivered to customers (7/16/03). Continued outreach to analysts, press, community, partners, government agencies.
July 25 - Exploit (exploit code in public): X-focus (Chinese group) published exploit tool. MS heightened efforts to get information to customers.
Aug 11 - Worm (worm in the world): Blaster worm discovered; variants and other viruses hit simultaneously (i.e. SoBig).
Blaster shows the complex interplay between security researchers, software companies, and hackers.
Architecture overview: ZENworks Linux Management [diagram labels: SUSE, RedHat, Mandrake, RCE Cache, RCE, RCE Server, Admin Console]
ZENworks Patch Management Overview: full support of appropriate platforms; automated patch acquisition; detailed information about the patch; security fully integrated; robust agent-based architecture; applicable target management and selection; scheduling options; strong reporting; roles-based management; minimum required patch conformance.
ZENworks Patch Management Patch Lifecycle [cycle diagram labels: Acquire Patch, Research, Detect, Plan, Report, Defend, Test, Monitor, Deploy, Pilot, Rollout]
Architecture overview: ZENworks Patch Management [diagram labels: Microsoft, Novell, Adobe, Patch Cache, PatchLink Patch Server, Admin Console]
Platform support: ZENworks Patch Management supports the platforms you need. Server runs on Windows 2000 or Windows 2003 Servers. Desktop support: Windows 98, NT, 2000 and XP. Server support: Windows NT, 2000 and 2003 Servers, NetWare. Patch support: Microsoft, Novell, Adobe.
Automated patch acquisition: ZENworks Patch Management automates the process. Know about the patch; acquire the patch; ensure integrity of the patch; acquire dependent patches.
Patch information: ZENworks Patch Management provides extensive patch information. Know the vulnerabilities addressed; know the severity of the risk; know if the patch is applicable to you. Also: full dependency resolution; superseded patch prevention.
Security every step of the way: Acquisition from vendor [architecture diagram: Microsoft, Novell, Adobe, Patch Cache, PatchLink Patch Server, Admin Console]
Security every step of the way: Delivery to you [same architecture diagram]
Security every step of the way: Distribution [same architecture diagram]
Agent based architecture: security and flexibility. Open NetBIOS ports are big risks! Consistent administrative userids and passwords are big risks! ZENworks Patch Management agent provides: no NetBIOS ports required to be open; bidirectional initiation of updates; full scheduling engine; support for intermittently connected users.
Target selection: know which devices need updates. Manage individually, by group or by policy. Policy defines required patches for all devices in your organization. Automated compliance.
Scheduling options: patch on your schedule. Exact time that patches are applied; when to check for new patches; how many devices to patch at once; server initiated overrides.
Reporting: know the state of your organization. Clear, crisp graphical reports indicate status: where are you safe; where are you vulnerable; device success or failure.
Home Page
Reports Page: list of vulnerabilities by impact
Reports Page Detail: filter the Vulnerability Report results by All, Detected, and Disabled by selecting the desired item from the Filter by drop-down menu.
Vulnerability Report Detail
Patch Status For All Reports
Patch Status: Computer Status for all Computers
Group Comprehensive Graphical Assessment: The Group comprehensive graphical assessment allows the same type of reporting available at the home page to be displayed for a group of computers. The data can be filtered by platform, vendor, and impact. The perspective can be selected by agent, by patch, or by status.
Groups Page. By clicking on a group link you can display: group level assessment report; reports & inventory for the group; group membership; mandatory baseline; deployment history.
Users Page. Default account: PatchLink. Default roles: Administrator, Manager, Operator, Guest. 52 Access Control Rights enable you to create custom roles to fit your environment.
Inventory Page. Comprehensive patch detection requires a complete inventory of system information. Inventory information can be filtered by: Operating System, Hardware, Software, Services.
Operating Systems View
Software View
Hardware View
Services View