Transcript Slide 1
“Everyone full control or what?” Security challenges inside a company
(WSUS, Wireless, Password policies: An introduction
Who are we?
Henk Maeghs 10 years Océ HTS Technical computer science System Support Engineer Mark Theeuwes 8 years Océ HTS Technical computer science System Support Engineer 2
Canon
3
http://www.oce.com
Facts & Figures
Océ: 24,000 employees world wide Head office in Venlo 30 countries IT corporate / IT Venlo 4
Facts & Figures IT
Océ (Venlo): IT specialists?
Servers ?
Clients?
Storage?
5
Facts & Figures IT
Océ (IT):
100 IT specialists
Servers ?
Clients Storage?
6
Facts & Figures IT
Océ (IT): 100 IT specialists
500 servers
Clients Storage?
7
Facts & Figures IT
Océ (IT): 100 IT specialists 500 servers
5000 workstations
Storage?
8
Facts & Figures IT
Océ (IT): 100 IT specialists 500 servers 5000 workstations
200 Tb storage
9
IT security
"the right people get the right information at the right time for the right reason".
10
IT Security: a short introduction
The CIA triad
11
CIA triad: confidentiality
About privacy and authentication 12
Some examples……..
13
CIA triad: Availability
After a disaster you need a recovery….. 14
Availability: other examples
Service Level Agreements Data Center 15
CIA triad: integrity
Firewalls, antivirus software, CRC and Windows Updates 16
CIA integrity: Windows Updates
Exploit Wednesday
17
Why updates?
18
Hotfixes………..
19
Patches………….
20
Service packs…………
21
W indows S erver U pdates S ervices ( WSUS )
Upstream Downstream 22
Download of updates at Microsoft
Express (delta) versus full 23
BITS (Background Intelligent Transfer Service)
24
WSUS Group Policy
25
WSUS settings (applied by a group policy)
26
On the desktop
27
“Houston, we’ve got a problem
28
Patch Tuesday
MS bulletin about new updates Approval updates on test systems Approval in production Minimizing risks by phased updating 29
WSUS Management Console: approval per group
30
Time for a break
31