Cyber Security Awareness Month - Day 8 - Patch Management and System Updates
Welcome to day 8! Today we want your opinions on patch management and system updates. In this modern world, where the gap between vulnerability and exploit is rapidly closing and exploit code is being delivered via popular websites and ads, it is as important as ever to keep your system and applications up to date.
To get you started... when I set up a Windows computer for my family and friends, the following are essential:
- ensure Windows Update is turned on, set to install recommended updates, and configured to install updates daily at a time when the computer is likely to be on.
- install Secunia Personal Software Inspector (PSI). PSI monitors your Windows applications, lets you know when applications are out of date, and provides download links to help remediate. PSI is free for non-commercial use.
Now it's your turn. What tools and techniques do you use to ensure the systems under your control are up to date?
As usual the comment feature below or our contact form are awaiting your sage advice.
UPDATE:
Dave R. commented that he likes to use WSUSOffline. It can be carried, software and patches, on a USB thumb drive. Just plug it in and patch.
-- Rick Wanner - rwanner at isc dot sans dot org - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
Comments
Raymond
Oct 8th 2010
1 decade ago
MYam
Oct 8th 2010
1 decade ago
I have considered putting the Secunia PSI on their machines, but then I can imagine it flagging every 5 mins, which then means a phone call to me to deal with it etc.....
So I have opted for the following:
1. Set up with tools like K9 Web protection, which does a sterling job I hasten to add. This prevents most delivery at source and does its best to protect the users from Googling and clicking dodgy sites.
2. Install everything required and FULLY update from start - ensuring Windows Updates are on automatically. Use PSI to confirm all is good.
3. Install an anomaly based detection tool in the background - currently I'm pretty happy with the behavioral shield thrown in with Avast free.
4. This one's important - train the user to be careful. Ultimately it's up to them what they do and visit, but I always give graphic examples of what could happen if they are silly. Explain what the technology does, but clearly explain that it won't protect them from their silliness. Also explain the key signs of something "not quite right" so they can detect it and act accordingly.
5. Either book, or get them to book a "service" with me in 2-3 months where they can come back to me with questions as I'm reviewing everything all over again.
6. Be available for "emergencies".
If anything really critical shows up in the meantime I'll flag it with them and fix any problems, but generally this has been pretty successful for me and I quite like doing it.
Alban
amilroy
Oct 8th 2010
1 decade ago
Microsoft Security Bulletin MS08-067 – Critical: Vulnerability in Server Service Could Allow Remote Code Execution (958644):
http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
08-067 is on WSUS, why do you say it's not?
Susan
Oct 8th 2010
1 decade ago
CB
Oct 8th 2010
1 decade ago
dan
Oct 10th 2010
1 decade ago
MYam
Oct 11th 2010
1 decade ago