Stanford’s Patch Management Project
Ced Bennett
May 17, 2004

Copyright Cedric Bennett 2004. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the author. To disseminate otherwise or to republish requires written permission from the author.

Technical Environment
* 45,000 hosts on Stanford network
  * 25,000 with various flavors of MS Windows
  * Others are Unix, Linux, Mac
* Support
  * Widely distributed
  * Fairly uneven
* High speed, high capacity network
  * Multiple network feeds
* No perimeter firewall
  * Limited filtering at border routers

Precipitating Event
* MS RPC vulnerability and patch
  * Announced on July 17, 2003
  * NetBIOS ports already blocked at border
* “Blaster” attacks began around August 1
  * Network attacks blocked at the border
  * Multiple instances “walked around” border

After the dust settled
* 8,000 Windows platforms compromised!
* Cost of repair / control > $1,250,000
* Cost of lost work / productivity not calculated
* Under control before students arrived

Black Cloud
* Huge, costly, debilitating event
* Widespread concern
  * President, Academic Senate, Administrators

Silver Lining
* Strategy for distributed platforms
  * Leverage that concern
  * Develop approaches to prevention
  * Obtain technical buy-in
  * Communicate and educate
  * Implement

Approach and Buy-In
* Formed a cross-campus technical task force
  * Included technology leaders from Medical School, School of Engineering (Computer Science), Graduate School of Business, Residential Computing, Earth Sciences, Internal Audit, ITSS
* Developed the technical approach
  * Patch management
  * Configuration support
  * Controlled network access
* Created a Managed Host Security project

Patch Management Project
* Product criteria developed by Task Force
  * Multi-platform support
    * Windows initial focus
  * Ability to manage centrally
    * But also provide for local control
  * Ease of use
  * Agent-based
  * Strong security model
* Examined marketplace alternatives
* Selected BigFix Enterprise Suite (BES)

Patch Management Project (continued)
* Communication and education
  * An unpatched system… is a disaster waiting to happen!
  * Photo © 2004 Quantum Corp

Patch Management Project (continued)
* Ordered server equipment
  * Started working with interim equipment
* Developed patch management processes
  * Patch Testing
  * Central and local responsibilities
  * Local console operator training
  * Exception handling
* Patch deployment
  * Agent deployment
  * Managing with focus on local control
  * Still underway