Managing Microsoft & 3rd party updates with SC

Download Report

Transcript Managing Microsoft & 3rd party updates with SC 

Congratulations – you survived the keynote with Stan & Ollie
10 min is all it takes - Managing Microsoft &
3rd party updates with SC 2012 Configuration
Manager
Kent Agerlund
Who am I
 Kent Agerlund
 Chief System Management Architect
 Coretech A/S, Denmark
 Microsoft MVP: Enterprise Client Management
 Microsoft Certified Trainer, MCITP Enterprise Admin
I love questions – but
DON’T ask me about hockey and the world cup
Agenda
 Patch Tuesday
 Let’s spend 5 min together
 Why worry about 3rd party updates
 What are your options
 SCUP 2011 (System Center Updates Publisher)
 Solarwinds
 Secunia
So….What is patch management?
Patch Creation
Vulnerability Intelligence
VI
VS
Vulnerability Scanning
PC
PD
Patch Deployment
PM
Plan for Software Updates
 Define you Update process






Pilot environments
Servers with automatic restart
Servers with manual requirements
Logically grouped servers
Workstations in production
Excluded devices
 Define you SLA’s
 When is your Boss a “Happy Camper”
 Can you track compliance
 Collection design
 Maintenance Windows
 CD+IT+RT=MW
Workstation restarts
 Automatic restart?
 No restart = No compliance = No
 Make sure you have a restart plan
 Create custom report
Last Computer Restart
Give me 5 minutes
DEMO
Wake up it’s, Patch Tuesday or early Wednesday
Why worry about 3rd party
Business
View
Third Party
Programs
86%
Microsoft
Programs
14%
Vendors
What do you
patch today
Business critical
programs
Programs you know about
Programs you don’t know
about
Criminals
View
What criminals
attack
The numbers speaks for themselves – TOP 50 apps
Vulnerabilities
in 2012 TOP 50
Apps
1137
Cybercriminals know:
patch available
229 in 2007 421 in 2009
≠
patch installed
Where to begin
Percentage of risk remediated
by patching N programs
Patching N of 200 programs
Strategy 1: Static
Risk remediated by patching the N most
prevalent programs
Percentage of risk remediated
100%
80%
Strategy 2: By Criticality
60%
Risk remediated by patching the N most
critical programs
40%
20%
12
0%
0
10
20
37
30
Number of programs patched
40
50
60
80% risk reduction achieved by
either patching the 12 most critical
programs, or by patching the 37
most prevalent programs
Are we doomed?
SCUP 2011
SCUP 2011
 What is SCUP
 Authoring tool
 Publishing tool
 3rd Party Updates with SCUP
 Same experience for all updates in ConfigMgr
 Supports EXE, MSI and MSP based updates
 MSU workaround :
http://blogs.technet.com/b/dominikheinz/archive/2011/10/17/deployingcustom-msu-updates-with-sccm-and-scup.aspx
SCUP Process Flow
Catalogs
downloaded from
web
Import Updates
Author Updates
Author custom
SCUP catalog
Publish Updates
SCUP Console
Sync Updates
WSUS Server
Scan Updates
ConfigMgr Server
Deploy Updates
ConfigMgr Clients
The signing certificate
 Used by SCUP to sign updates
 Trusted Publishers
 Trusted Root
 Configure WSUS GPO
 Allow self signed certificates
 Create the self-signed certificate with SCUP
 External certificate http://blogs.msdn.com/b/steverac/archive/2011/09/18/usingsystem-center-update-publisher-2007-with-verisign-certificates.aspx
 KB2720211 & KB2661254
Available Catalogs
 Free catalogs
 Adobe
 Reader and Flash
 Dell
 Client and Server updates
 Hewlett-Packard
 Client and Server updates
 Fujitsu
 ConfigMgr Cumulative updates
 $$ catalogs
 SCUPdates from Shavlik, VMWARE
no wait today it’s LANDESK
 PatchMyPC
SCUP
DEMO
Patch ConfigMgr clients…..the easy way
Secunia
Secunia
 Products
 CSI – Corporate edition
 SSB – Small Business edition
 PSI – Consumer and free
 Cloud Based solution
 Database contains vulnerabilities
in software products since 2003
 40k+ programs, applications and
plug-ins from thousands of
software vendors
 Automated patch
repackaging
 Fully integrated with 2012
Reporting
 Integrated with Configuration Manager
 Custom Dashboard
 Custom reports
 E-Mail subscriptions
Deploying patches
 Custom created Secunia packages
 Silent installations
 Can detect running applications like JAVA
 Script support
 PowerShell
 VB
 Java
 Updates are injected into WSUS
Secunia
DEMO
3rd party patching
UTVÄRDERING
KVÄLLSMINGEL
 Fyll i utvärderingen så att vi kan bli ännu
bättre till nästa gång!
 Antigen via länken du fick med din
biljett eller vid någon av datorerna i
TrueSec:s monter
 Best of MMS avslutas med ett gigantiskt
mingel på närliggande Dubliner direkt
efter dagens sista session!
 Tävla samtidigt om en HP Elitepad 900
(Vinnaren presenteras i Utställarfoajén
direkt efter sista sessionen).
 Microsoft och LabCenter bjuder på god öl
och ett unikt tillfälle för experter,
branschkollegor och eventdeltagare att
mingla tillsammans.
 Vi ses väl där?