Real-life patch test - vulnerabilities found in one simple server in 6 months

Whether you patch monthly or every six months, the time and resource overhead is significant... And are you even secure?

In this real-life patch test, one of our Solution Architects put a simple virtual machine through its paces, with fascinating results. Understand more about typical vulnerabilities and security updates found in even the simplest of servers, learn about the typical decisions faced by organisations trying to balance operational efficiency with security, and see how you can implement same-day protection for vulnerabilities in critical systems, even without patching or during a change freeze.

Transcript

  • 1. Vulnerabilities found in one server in 6 months: A real-life patch test. Copyright 2011 Trend Micro Inc.
  • 2. Whether you patch monthly… Or every six months. Trend Micro Confidential 2/23/2012
  • 3. Whether you patch monthly… Or every six months. The time and resource overhead is significant
  • 4. Whether you patch monthly… Or every six months. The time and resource overhead is significant. And are you even secure?
  • 5. PATCH TEST: One of our Solution Architects put a simple virtual machine through its paces… with fascinating results…
  • 6. 26 July 2011: Simple VM built with WIN2008 R2 only… No apps, no IIS, no SQL Server. This build could equally apply to a physical server
  • 7. 6 months later… A large number of updates are available. Remember this is still only one VM running nothing more than WIN2008 R2
  • 8. 6 months later… A large number of updates are available. Remember this is still only one VM running nothing more than WIN2008 R2. Now the hard work begins… Look up the Knowledge Base number and find the update
  • 9. Take a closer look at the updates:
      - 09 AUG 2011… 7 important updates… 13.2MB… REBOOT REQUIRED
      - 23 AUG 2011… 1 important update… 3.6MB… NO REBOOT
      - 13 SEP 2011… 3 important updates… 65.4MB… NO REBOOT
      - 11 OCT 2011… 4 important updates… 34.6MB… REBOOT REQUIRED
      - 25 OCT 2011… 1 important update… 36K… NO REBOOT
      - 08 NOV 2011… 2 important updates… 2.4MB… REBOOT REQUIRED
      - 13 DEC 2011… 5 important updates… 26.1MB… REBOOT REQUIRED
      - 29 DEC 2011… 3 important updates… 14.3MB… NO REBOOT
      - 10 JAN 2011… 5 important updates… 19.1MB… REBOOT REQUIRED
  • 10. RESULTS: A total of 31 important security updates were announced over 6 months, with approx. every other patch requiring a reboot
  • 11. How can you reboot a mission critical system that cannot be taken offline?
  • 12. How can you reboot a mission critical system that cannot be taken offline? How can you reboot any system during a CHANGE FREEZE?
  • 13. IMPACT: Significant cross-referencing and assessment of each update needs to be undertaken by a skilled administrator. What else will the update impact? What else is vulnerable? What is the impact on our risk posture?
  • 14. Patch detail
      - Patch #1: Cumulative Security Update for ActiveX Killbits for Windows Server 2008 R2 x64 Edition (KB2618451), http://go.microsoft.com/fwlink/?LinkID=232507, ms11-090
  • 15. Patch detail
      - Patch #1: Cumulative Security Update for ActiveX Killbits for Windows Server 2008 R2 x64 Edition (KB2618451), http://go.microsoft.com/fwlink/?LinkID=232507, ms11-090
      - Patch #2: Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 Edition (KB2618444), http://go.microsoft.com/fwlink/?LinkID=232505, ms11-099
  • 16. Patch detail
      - Patch #1: Cumulative Security Update for ActiveX Killbits for Windows Server 2008 R2 x64 Edition (KB2618451), http://go.microsoft.com/fwlink/?LinkID=232507, ms11-090
      - Patch #2: Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 Edition (KB2618444), http://go.microsoft.com/fwlink/?LinkID=232505, ms11-099
      - Patch #3: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Server 2008 R2 SP1 for x64-based Systems (KB2539635), http://go.microsoft.com/fwlink/?LinkID=218325, ms11-069
  • 17. Patch detail
      - Patch #1: Cumulative Security Update for ActiveX Killbits for Windows Server 2008 R2 x64 Edition (KB2618451), http://go.microsoft.com/fwlink/?LinkID=232507, ms11-090
      - Patch #2: Cumulative Security Update for Internet Explorer 9 for Windows Server 2008 R2 x64 Edition (KB2618444), http://go.microsoft.com/fwlink/?LinkID=232505, ms11-099
      - Patch #3: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Server 2008 R2 SP1 for x64-based Systems (KB2539635), http://go.microsoft.com/fwlink/?LinkID=218325, ms11-069
      - WHICH WILL YOU PATCH??
  • 18. Some hours later and all 31 security updates located and assessed. 23 out of 31 patches are related to security vulnerabilities
  • 19. 1 VM, 1 OS, 31 patches, 23 of which relate to security vulnerabilities
  • 20. 1 VM, 1 OS, 31 patches, 23 of which relate to security vulnerabilities. For a typical organisation with 50 servers running multiple operating systems and applications, this is a costly and resource intensive operation
  • 21. 1 VM, 1 OS, 31 patches, 23 of which relate to security vulnerabilities. For a typical organisation with 50 servers running multiple operating systems and applications, this is a costly and resource intensive operation. Unlike the simple VM, most organisations will not be able to automatically install updates. Individual updates or batches of updates will need to be tested and deployed manually to allow for them to be backed out in case of problems during installation.
  • 22. How do you balance operational efficiency with security?
  • 23. How do you balance operational efficiency with security? You want to install the minimum number of security patches for BASE LEVEL protection
  • 24. How do you balance operational efficiency with security? You want to install the minimum number of security patches for BASE LEVEL protection. But you want visibility of all security vulnerabilities?
  • 25. Solution. Virtual Patching: Proactively shield vulnerabilities in critical systems, even without patching
  • 26. Trend Micro Deep Security Virtual Patching Solution
      - Detects and blocks known and zero-day attacks that target vulnerabilities
      - Shields web application vulnerabilities
      - Increased visibility into, or control over, applications accessing the network
      - Fully integrates with VMware and provides visibility at the hypervisor level, removing the risk of attacks not being visible within virtualised environments
  • 28. On the same VM running WIN2008 R2. This screen shows results of Trend Micro Deep Security Recommendation Scan:
  • 29. On the same VM running WIN2008 R2. This screen shows results of Trend Micro Deep Security Recommendation Scan: … After security updates concerning local logon, SSL protocol and kernel were discounted… Deep Security identified and proactively shielded 13 security updates… And then identified and shielded a further 11 security updates for which there may be no patches
  • 30. Recommendations
      1. Assess the effectiveness of your patch management process
      2. Calculate the cost and risk of emergency patching
      3. Request a demo of Trend Micro Deep Security and see how virtual patching could reduce IT resources and costs while enhancing the security and compliance of your data centre applications
    www.trendmicro.co.uk 01628 400552