Proactive Security Management - Large Enterprise Business - HP

More documents

Recommendations

Info

3–18 Table 3–1 Microsoft Security Patch Management Tool Comparison Feature MBSA Windows Update SUS WUS (beta) SUS Feature Pack for SMS Supported Platforms and Applications Supported Security Patch Content Windows NT 4.0, Windows 2000, Windows XP, Windows Server 2003, IIS, SQL, Exchange, Internet Explorer, and Windows Media Player Analysis of missing security patches for the above applications— cannot perform actual distribution and installation Windows 2000, Windows Server 2003, Windows XP Software updates, critical driver updates, and service packs (SPs) Windows 2000, Windows Server 2003, Windows XP Professional Software updates, critical driver updates, SPs, and feature packs (FPs) Windows 2000, Windows Server 2003, Windows XP Professional, Office 2003, Office XP, Exchange 2003, SQL Server 2000, and MSDE Software updates, critical driver updates, SPs, FPs for Windows OSs and patches for MS Office, SQL Server, and Exchange Server Same as WUS, plus Windows NT 4.0 and Windows 98, can update any other Windows-based software Software updates, SPs, FPs and update and application installation of any Windows-based software Availability Free Free Free Free Based on SMS licensing Targeting Content to Systems Network Bandwidth Optimization Patch Installation and Scheduling Flexibility Patch Installation Status Reporting Not applicable Not applicable Not applicable Simple (based on AD groups, OUs) Not applicable Yes No Yes Yes Not applicable Manual and enduser controlled Not applicable Install errors and list of missing updates reported to user No Simple Advanced No Simple Advanced Deployment Planning Not applicable Not applicable No Simple Advanced Inventory Management Not applicable Not applicable No No Compliance Checking Not applicable Not applicable No No, status reporting only HP-UX Patch Management Tools Advanced (based on AD groups, OUs, WMI queries) Advanced HP provides a set of tools for managing HP-UX security patch updates in an efficient and effective way. These tools include the Security Patch Check, Bastille, and Install-Time Security. Security Patch Check (SPC) generates a report of recommended security patches for the HP-UX system and identifies those patches with warnings present. Bastille is an open-source, GNU Public License (GPL) security hardening and lockdown tool. It can be configured to run SPC automatically at regular intervals. This ensures timely identification of new vulnerabilities. Install-Time Security (ITS) verifies that the system is secure by default at installation. SPC is integrated with ITS to ensure that security patches are current on the server at the time of installation. Bastille can then be set to ensure that SPC runs regularly. Summary Security patch management is paramount to maintaining a proactive stance against threats and vulnerabilities. A number of tools available from HP help organizations to manage security independently and effectively across various OSs and platforms. For more effective business continuity and enterprise level protection, security patch management tools can be tied into the larger IT management function via integration with a general patch management tool. In addition, HP's Security Incident Management
program identifies and prioritizes critical patches. It conducts system audits to ensure compliance and calculates business risks associated with newly identified vulnerabilities. HP can provide the right level of solution for any business requirement. Active Countermeasures Organizations need to be prepared to deal with unpreventable, fast-spreading attacks. Known problems, whether fast or slow, can be prevented. Organizations experiencing slow, unknown problems normally have adequate response time. As Figure 3–5 illustrates, the problem space occurs when an attack is unknown and quick to spread. Figure 3–5 Matrix for Speed of Attack and Vulnerability Identification When vulnerabilities are known, tactics such as patches, anti-virus software, perimeter defenses, and scanning can help. On the other hand, slow-spreading attacks can be handled with human-mediated responses, such as generating and distributing threat signatures, monitoring for intrusions, and changing firewall rules. The biggest concern is preventing new, fast-spreading attacks. In most IT environments today, these attacks run rampant until IT staff intervenes. This is where HP can help. HP has invented a vulnerability scanning and mitigation technology named Active Countermeasures—a powerful tool for identifying and managing vulnerable systems in an enterprise network. HP has employed Active Countermeasures to protect HP's corporate network since 2002, and the technology has assisted in protecting HP from a number of major Internet worm attacks. Active Countermeasures is an HP patented technology and is available from HP Services. History In July of 2001, a destructive worm known as Code Red attacked the Internet. It spread rapidly, caused widespread service delays, and cost millions of dollars due to lost productivity and cleanup efforts. HP, like other major companies, suffered as the worm saturated HP's worldwide computer networks. In response to the Code Red attack, a team of HP Labs researchers in the Bristol Trusted Systems Laboratory isolated the Code Red worm, reverse engineered its payload, and then constructed their own countermeasure intended to identify and disable vulnerable systems on HP's network. HP IT Security, working alongside HP Labs researchers, introduced this countermeasure across HP's entire corporate network to find and mitigate vulnerable systems. Proactive Security Management 3–19
Page 1 and 2: Chapter 3 Proactive Security Manage
Page 3 and 4: methods, technologies, and services
Page 5 and 6: Complying With Changing Regulations
Page 7 and 8: Figure 3-2 Overview of HP Proactive
Page 9 and 10: • Security incidents that are pro
Page 11 and 12: To support the Security Incident Ma
Page 13 and 14: • Manage the SEM system from a hi
Page 15 and 16: HP's Partners and HP OpenView Curre
Page 17: list, the Federal Computer Incident
Page 21 and 22: Information Sharing and Analysis Ce

Proactive Security Management - Large Enterprise Business - HP

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?