Wednesday, July 27, 2011

WindowSecurity.com - July 2011 Newsletter

-------------------------------------------------------
WindowSecurity.com Newsletter of July 2011
Sponsored by: ManageEngine <http://www.manageengine.com/products/eventlog/?utm_source=wownsec&utm_medium=newsletter&utm_campaign=textlinkELA&utm_term=jul11>
-------------------------------------------------------

Welcome to the WindowsSecurity.com newsletter by George Chetcuti, BSc in Computing & IS (Honors), CISA, MCP, HP Certified. Each month we will bring you interesting and helpful information on the world of Security. We want to know what all *you* are interested in hearing about. Please send your suggestions for future newsletter content to: gchetcuti@windowsecurity.com


1. Achieving Software Update compliance
-------------------------------------------------------

Ensuring that all hosts within your organization are configured to a specific standard is not only a good practice but a necessity to prevent malware from taking advantage of various system vulnerabilities. The release of major security updates by vendors after an exploit has been made public is one instance where an organization has to have in place an automated tool that kicks in immediately after the update is released.

To meet compliance requirements all systems need to have specific updates applied, certain applications (firewall, antivirus, etc.) installed and configured appropriately. Many technologies exist to help you achieve such requirements but should we only rely on a tool that provides us with the pushing mechanism without verifying whether the approved software updates have actually been deployed to all computers in your environment? In this month&#146;s newsletter I will go through some software update technologies focusing on a free tool that systems administrators can use without the need for creating a business case or for passing through the procurement process, especially in the Summer season when senior management may be away on a long boat trip!

*Microsoft Baseline Security Analyzer (MBSA)*

Sometimes, the more features and functionality a tool has the less system administrators make full use of it. MBSA is a basic tool that enables system administrators to scan the network to determine which computers are missing updates or are incorrectly configured according to Microsoft best practices recommendations. It can check security configuration settings such as firewall settings. The MBSA tool can integrate with WSUS as well and it will perform scans according to the WSUS approved updates. An important feature found in MBSA is the capability of detecting whether a computer is assigned or not to a software update server. MBSA version 2.2 will work with all supported versions of Windows including Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7 and Windows Server 2008 R2. Version 2.1 had some limitations but these were fixed in version 2.2. Version 2.2 is the latest version of Microsoft&#146;s free security and vulnerability assessment scan tool for administrators, security auditors, and IT professionals.


Scanning multiple computers


Typical report indicating configuration weaknesses

Unlike other tools such as SCCM 2007 the reports it generates are not as rich but for a fee tool I say they are sufficient. Also, it has no email notification feature for machines that become noncompliant. To download a copy and have some fun with MBSA go here. <http://technet.microsoft.com/en-us/security/cc184923>

If your environment is more complex then I suggest that you go for WSUS (Windows Server Update Services). The current version is WSUS 3.0 SP2 and you can download a copy from here. <http://www.microsoft.com/download/en/details.aspx?id=5216>

*WSUS Advanced Reporting*

WSUS 3.0 SP2 offers software update compliance reporting functionality in enterprise environments. WSUS reports can be exported to Microsoft Office Excel or PDF formats while implementations based on an SQL server database can benefit from customized reports based on your own set of database queries. However, the built-in reports found in WSUS are more than enough for managing standard compliance. These include a status summary of the number of computers the updates are installed on, those computers that failed to take an update, and for which WSUS has no data. The status report can be run in a detailed version where you can view the report in summary or tabular format.

The basic difference between MBSA and WSUS is that WSUS does not scan computers to determine whether updates are missing but instead records whether updates have been downloaded to target computers and whether the target computers have reported back to the WSUS server that the update has been successfully installed. Briefly, it generates reports based on information communicated with the WSUS server. An important feature in enterprise environments is the complete view of the software update deployment process where multiple WSUS servers may exist.

*SCCM 2007*

SCCM (System Center Configuration Manager) 2007 enables you to assess whether the configuration of computers within your organization matches what is referred to as a configuration baseline. SCCM is the high-end solution from Microsoft where you can ensure compliance over the whole infrastructure including mobile environments. SCCM 2007 R3 include power management features that help organizations reduce their IT-based power consumption which can be part of an environmental compliance program. Mind you, SSCM is not just a software update management solution but it includes an asset inventory, a configuration baseline management, a software distribution source, a power management tool and an operating system deployment solution.

With SCCM you can generate a whole slew of reports of every kind. In addition, if the large number of pre-generated reports is not enough you can create custom reports tailored to your specific requirements. As you can imagine, SCCM is the most comprehensive reporting and compliance tool for enterprise environments. To read more about SCCM and download SCCM 2012 Beta 2 go here. <http://www.microsoft.com/systemcenter/en/us/configuration-manager/cm-vnext-beta.aspx>

Should you have any ideas for content in future editions of the WindowSecurity.com newsletter or would like to ask questions, you're more than welcome to e-mail me at george.chetcuti@windowsecurity.com

See you next month! - George


2. WindowSecurity.com Articles of Interest
----------------------------------------

* Microsoft Forefront Endpoint Protection 2010 - Is Microsoft Anti-virus Good Enough
<http://windowsecurity.com/articles/Microsoft-Forefront-Endpoint-Protection-2010-Microsoft-Anti-virus-Good-Enough.html>

* Why Applications don&#146;t work for standard users
<http://windowsecurity.com/articles/Why-Applications-Dont-work-standard-users.html>

* Well-Known SIDs for Windows Server 2008 R2 Active Directory
<http://windowsecurity.com/articles/Well-Known-SIDs-Windows-Server-2008-R2-Active-Directory.html>

* The Advanced Persistent Threat - What Is It and How Does It Affect Me?
<http://windowsecurity.com/articles/Advanced-Persistent-Threat-What-How-Does-Affect-Me.html>

* Security Considerations for Infrastructure as a Service Cloud Computing Model
<http://windowsecurity.com/articles/Security-Considerations-Infrastructure-Service-Cloud-Computing-Model.html>

* Cloud computing, can we trust it and how can it be used whilst being secure
<http://windowsecurity.com/articles/Cloud-computing-can-we-trust-how-can-be-used-whilst-being-secure.html>


3. Tip of the Month
-----------------------------------------------


The following are some ideas to consider when planning security baselines:

* The number of services and applications that a host makes available to the network increases the attack surface, so security baselines are best based on roles.
* The process of hardening a host starts with a restrictive startup configuration and one that allows only those parts that are necessary for the host to perform its role/s.
* In Windows Server 2008 you harden a computer by applying role-based security policies.


4. Latest Security Exploits and Concerns
-------------------------------------------

* Microsoft goes the extra mile against Rustock
<http://blogs.windowsecurity.com/shinder/2011/07/05/microsoft-goes-the-extra-mile-against-rustock/>

* Vulnerability in Cisco VPN client for Windows
<http://blogs.windowsecurity.com/shinder/2011/06/29/vulnerability-in-cisco-vpn-client-for-windows/>

* Key questions to ask your service about security
<http://blogs.windowsecurity.com/shinder/2011/06/25/key-questions-to-ask-your-service-about-security/>

* Autorun exploits way down
<http://blogs.windowsecurity.com/shinder/2011/06/29/autorun-exploits-way-down/>

* Botnets
<http://blogs.windowsecurity.com/chetcuti/2011/07/05/46/>

* Security benefits of 64 bit Windows 7
<http://blogs.windowsecurity.com/shinder/2011/07/06/security-benefits-of-64-bit-windows-7/>

* Office 2010 SP1 contains roll-up of security fixes and more
<http://blogs.windowsecurity.com/shinder/2011/07/09/office-2010-sp1-contains-roll-up-of-security-fixes-and-more/>

* Do you have systems that are "too important to patch"?
<http://blogs.windowsecurity.com/shinder/2011/07/06/do-you-have-systems-that-are-too-important-to-patch/>


5. Ask George a question
--------------------------

This month, I would like to share a forum post with you. Our WindowSecurity.com message boards are a great source of information where you can get free support and an exchange of brilliant ideas. I urge you to participate!!!

For instance, check this cool thread started by our forum fanatic moondoggie &#150;

Help me design a wireless network

<http://www.security-forums.com/viewtopic.php?t=64732&start=0&postdays=0&postorder=asc&highlight=>


TechGenix Sites
----------------------------------------------------------------
ISAserver.org <http://www.isaserver.org/>
MSExchange.org <http://www.msexchange.org/>
VirtualizationAdmin.com <http://www.virtualizationadmin.com/>
WindowsNetworking.com <http://www.windowsnetworking.com/>

----------------------------------------------------------------
Visit the Subscription Management (http://www.techgenix.com/newsletter/) section to unsubscribe.
WindowSecurity.com is in no way affiliated with Microsoft Corp.
For sponsorship information, contact us at advertising@windowsecurity.com

Copyright c WindowSecurity.com 2011. All rights reserved.

No comments:

Post a Comment