Lesson 11 software & compliance

Date post: 24-May-2015
Compliance & Software Updates COMP2071
Transcript
1. Compliance & Software Updates COMP2071

2. Compliance
What is compliance?
• All enterprises must meet IT Security compliance standards
• Compliance is dictated by the Information Security department
• Compliance can be all-encompassing and we will discuss portions of it over the next couple of weeks
• This week we will be concentrating on Software Compliance

3. Compliance
What is software compliance? Software compliance can include many items such as:
• Hardening servers
• Ensuring antivirus products are installed
• Installing updates to fix vulnerabilities
• Mitigating vulnerabilities that don't have patches
• Risk Management

4. Software Updates
What are software updates?
• Software updates (or patches) are provided by a company to patch vulnerabilities
• Some examples of providers are Microsoft, Java, Adobe, Linux, etc.
• Vulnerabilities are weaknesses in an Operating System or Software product that could open it to hackers, viruses, malware, and more

5. Software Updates
How would these updates be applied?
• Updates should be applied as soon as they are released
• Vulnerabilities that are listed with a high rating are especially important
• In the example of Windows, these updates/patches would be applied using a WSUS server or by the Windows Update tool (http://technet.microsoft.com/en-us/wsus/bb466190)
• For other providers such as Java, the updates would be downloaded from their website

6. Software Updates
How are vulnerabilities rated?
• If you would like to understand the ratings of vulnerabilities, you can do some reading on CVSS scores
• All vulnerabilities are rated using CVSS, and it is widely accepted in the same way ITIL is accepted and applied
• More information on CVSS can be found here:
  http://nvd.nist.gov/cvss.cfm
  http://www.first.org/cvss/cvss-guide
  http://en.wikipedia.org/wiki/CVSS
• I will place the PDF guide on Blackboard as well

7. Software Updates
How does this all apply to this class?
• Updates/patches will usually be applied by the 3rd-level development team
• After applying updates they can run a scan using tools such as Microsoft Baseline Security Analyzer (MBSA) to double-check that the updates completed (http://technet.microsoft.com/en-us/security/cc184923). This is called a vulnerability scan
• It is important to double-check the work and ensure it completed successfully

8. Software Updates
• After confirming all updates/patches have completed successfully, the applications the users need will be tested to ensure they still function the same
• This goes back to last week, where the 3rd-level installs and then sends to a QA tester to confirm functionality
• Updates/patches can sometimes cause major issues to applications, especially in-house applications
• After all testing has completed and functionality is confirmed, the updates/patches are rolled out to all the desktop users

9. Software Updates
Can things go wrong? Yes!
• Often when everything gets rolled out, many issues occur
• When these issues occur the users will call into the service desk; this would be considered a major outage
• A problem record would then be raised for investigation by the 3rd-level team, and a known error record would follow soon after
• An update may be rolled back if it has a major impact on users

10. Software Updates Tools
I want to familiarize you with some of the tools used for this whole process. We will be working with:
• A WSUS server
• Microsoft Baseline Security Analyzer (MBSA)
• Retina VA scanner
• Spiceworks
• Tickets (of course)
Since we can't simulate a major failure, let's learn about how to use some of these tools.

11. In-Class Simulation
Open mylm and clone the following to your workspace and we will begin simulation: COMP2071-WSUS
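The post-patch check described in slides 5 to 7 (apply updates, then verify with a scanner and treat high-rated vulnerabilities first), written out as an added example; this is not part of the lecture or of WSUS or MBSA. It compares a constructed installed-update inventory against a constructed required list with placeholder update ids and ranks the gaps using NVD's CVSS v2 severity bands.

```python
"""Post-patch compliance check: compare the updates actually installed on a host
against the updates Information Security requires, then rank the gaps by CVSS v2
severity so High-rated vulnerabilities are handled first."""
from dataclasses import dataclass


def cvss_severity(score: float) -> str:
    """Map a CVSS v2 base score to NVD's bands: Low 0.0-3.9, Medium 4.0-6.9, High 7.0-10.0."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS score out of range: {score}")
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low"


@dataclass(frozen=True)
class RequiredUpdate:
    update_id: str      # vendor update id; the values below are placeholders, not real KB numbers
    product: str
    cvss_score: float   # score of the worst vulnerability the update fixes


def missing_updates(required, installed_ids):
    """Return the required updates not present on the host, most severe first."""
    installed = {i.strip().upper() for i in installed_ids}  # scanner output may vary in case
    gaps = [u for u in required if u.update_id.upper() not in installed]
    return sorted(gaps, key=lambda u: (-u.cvss_score, u.update_id))


def compliance_report(required, installed_ids):
    """Summarise the gap: compliant only when nothing required is missing."""
    gaps = missing_updates(required, installed_ids)
    counts = {"High": 0, "Medium": 0, "Low": 0}
    for u in gaps:
        counts[cvss_severity(u.cvss_score)] += 1
    return {"compliant": not gaps, "missing": gaps, "by_severity": counts}


# Constructed sample data with placeholder ids (assumption, not real advisories).
REQUIRED = [
    RequiredUpdate("KB-PLACEHOLDER-1", "Windows", 9.3),
    RequiredUpdate("KB-PLACEHOLDER-2", "Windows", 4.3),
    RequiredUpdate("JAVA-PLACEHOLDER-1", "Java", 7.5),
    RequiredUpdate("ADOBE-PLACEHOLDER-1", "Adobe Reader", 2.1),
]
# Constructed inventory of what a scan reported as installed after patching.
INSTALLED = ["kb-placeholder-1", "ADOBE-PLACEHOLDER-1"]

if __name__ == "__main__":
    report = compliance_report(REQUIRED, INSTALLED)
    print("compliant:", report["compliant"], report["by_severity"])
    for u in report["missing"]:
        print(f"{cvss_severity(u.cvss_score):6} {u.cvss_score:4} {u.product}: {u.update_id}")
```

Feeding the script a real scanner export instead of the constructed inventory turns it into the "double-check the work" step before anything is rolled out to desktop users.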