I’ve just added a whitepaper on WSUS 3.0 to my website. I go into the reasons for automated patching, the options, an overview os WSUS 3.0, deploying it and configuring/using it.
Note: the document is based on Beta 1.
When people think about IT security, they think about firewalls and antivirus. Firewalls are important but only go so far as to protect your network against a direct attack. A firewall will only prevent illegitimate forms of traffic from the internet. It doesn’t stop traffic on legitimate ports or downloads. Firewall defences have been compared to eggs: hard on the outside but soft on the inside. Anti-virus will only protect you against known threats. Many organisations have made the mistake of thinking that firewalls combined with antivirus will give them a complete defence against threats. That’s a nice wish but it’s not true.
Consider the SQL Slammer virus that hit the Internet in early 2003. Within minutes of its release it crippled networks worldwide. How did this work? Surely people had firewalls in place? Yes they did. Was the antivirus up to date? Yes it was. The problem was that once it could easily get past the firewall and it was unknown to antivirus vendors. It also took advantage of a known flaw in Microsoft’s products that Microsoft had previously released a patch for. In fact they released the patch several months before hand and those organisations that had deployed it were protected against the virus. Microsoft had already released a free to use product called SUS that serviced the Windows product range but few had heard of it. In fact, few had any implemented process for regularly testing and deploying Microsoft updates.
In late 2003 a new virus started to cripple networks. Microsoft Blaster took advantage of a flaw in the RPC service. Surely in the time that had passed people had learned their lessons about keeping their machines up to date? It appeared that most had not. Microsoft had previously released an update to protect their products but few had deployed it.
Since this time Microsoft has spent much time campaigning and trying to raise customer awareness about the need to regularly test and deploy updates. A replacement for SUS called WSUS (2.0) was released. WSUS, again a free to use product, services all of the Microsoft product range and makes it easier for administrators or security officers to test and deploy updates on a production network.
My experience working on client sites and speaking with administrators is that both the awareness of this problem/solution and adoption of WSUS have been minimal. Many large organisation and government agencies do not maintain patch updates. This is either because they are not aware the solution exists, despites Microsoft’s efforts, or because they do not sufficiently understand the problem.
With this document I aim to show how you can manage updating your entire Microsoft network with minimal manual effort by using WSUS 3.0.
The document continues …