SANS ISC: Cyber Security Awareness Month - Day 8 - Patch Management and System Updates - Internet Security | DShield SANS ISC InfoSec Forums


Cyber Security Awareness Month - Day 8 - Patch Management and System Updates

Welcome to day 8! Today we want your opinions on patch management and system updates. In this modern world, where the gap between vulnerability and exploit is rapidly closing and exploit code is being delivered via popular websites and ads, it is as important as ever to keep your system and applications up to date.

To get you started...when I set up a Windows computer for my family and friends the following are essential:

  • ensure Windows Update is turned on, set to install recommended updates, and configured to install updates daily at a time when the computer is likely to be on.
  • install Secunia Personal Software Inspector (PSI). PSI monitors your Windows applications, lets you know when applications are out of date, and provides download links to help remediate. PSI is free for non-commercial use.

Now it's your turn.  What tools and techniques do you use to ensure the systems under your control are up to date?

As usual the comment feature below or our contact form are awaiting your sage advice.

UPDATE:

Dave R. commented that he likes to use WSUSOffline. It can be carried, software and patches, on a USB thumb drive. Just plug it in and patch.

-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Rick

290 Posts
ISC Handler
A friend of mine has a small business, so I set up WSUS to auto download and install all critical patches and warn for the important ones.
Raymond

14 Posts
Well, WSUS is good, but in my experience with it, it will miss some patches like ms08-067 and several others for some reason. Besides, it won't look for anything other than Windows. Using NESSUS with WSUS is good, but these tools won't be used by home users / family (complex tools for them); they need something like PSI.
Raymond
8 Posts
In my opinion I have numerous troubles with friends and especially family. Obviously Windows Update updates all critical ones, but misses out on others, so these have to be done manually at a later date.

I have considered putting the Secunia PSI on their machines, but then I can imagine it flagging every 5 mins, which then means a phone call to me to deal with it etc.....

So I have opted for the following:

1. Set up with tools like K9 Web protection, which does a sterling job I hasten to add. This prevents most delivery at source and does its best to protect the users from Googling and clicking dodgy sites.

2. Install everything required and FULLY update from start - ensuring Windows Updates are on automatically. Use PSI to confirm all is good.

3. Install an anomaly based detection tool in the background - currently I'm pretty happy with the behavioral shield thrown in with Avast free.

4. This one's important - train the user to be careful. Ultimately it's up to them what they do and visit, but I always give graphic examples of what could happen if they are silly. Explain what the technology does, but clearly explain that it won't protect them from their silliness. Also explain the key signs of something "not quite right" so they can detect it and act accordingly.

5. Either book, or get them to book, a "service" with me in 2-3 months where they can come back to me with questions as I'm reviewing everything all over again.

6. Be available for "emergencies".

If anything really critical shows up in the meantime I'll flag it with them and fix any problems, but generally this has been pretty successful for me and I quite like doing it.

Alban
Raymond
11 Posts
Question to MYam?

Microsoft Security Bulletin MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644):
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx

08-067 is on WSUS, why do you say it's not?
Susan

34 Posts
Perhaps a cryptic, viral Facebook status update such as "I like to do it on Wednesdays!" to raise interest in Cyber Security Awareness Month. People would be wondering what it's all about and in the end, they will find out that it's for which day one prefers to install patches/updates on their systems. :)
Susan
3 Posts
Unfortunately the need for patches/updates is a sad reflection of the software market producing defective products. Hopefully some ideas David Rice raised in Geekonomics come to fruition to remove the burden of software updates from the sysadmin/user and move it to the software developer to deliver a quality product. The gap between vulnerability and exploit just exacerbates how bad the current situation is.
Susan
3 Posts
Susan, ms08-067 is on the WSUS list; however, WSUS is missing it from time to time in big env. for some reason... I had troubles with it and ms09-001; we had to check the hosts newly joining our domain with NESSUS and patch them manually.
Susan
8 Posts
