Centralised patch management J. Barhorst & M. Pels July 5, - - PowerPoint PPT Presentation

▶

Oct 15, 2023 210 likes •390 views

Centralised patch management J. Barhorst & M. Pels July 5, 2005 What did we do? Contents Activities Comparison Look at client update tools Requirements Create list of research topics Proof of Concept Conclusion

SLIDE 1

Centralised patch management

J. Barhorst & M. Pels

July 5, 2005

SLIDE 2

What did we do?

Jul 5, 2005 Centralised patch management 2/12

Look at client update tools
Create list of research topics
Investigate three existing patch management

systems

Compose list of functional requirements for ideal

patch management

Build Proof of Concept

➔ Activities ➢ Comparison ➢ Requirements ➢ Proof of Concept ➢ Conclusion

SLIDE 3

Existing systems

Jul 5, 2005 Centralised patch management 3/12

➢ Activities ➔ Comparison ➢ Requirements ➢ Proof of Concept ➢ Conclusion

SLIDE 4

Ideal requirements (1/5)

Patches:

Acquire via existing mechanisms or a third party
Rollback capability
Verification (digital signature, checksum)
Multi-platform

➔ Impossible to support everything ➔ Multiple PMS's is not a bad thing

Jul 5, 2005 Centralised patch management 4/12

➢ Activities ➢ Comparison ➔ Requirements ➢ Proof of Concept ➢ Conclusion

SLIDE 5

Ideal requirements (2/5)

End users:

Should not be able to reject or rollback patches
Reboot options should be versatile:

➔ Warning ➔ Postpone ➔ Deadline ➔ After office hours

Jul 5, 2005 Centralised patch management 5/12

➢ Activities ➢ Comparison ➔ Requirements ➢ Proof of Concept ➢ Conclusion

SLIDE 6

Ideal requirements (3/5)

Distribution:

Agent & existing mechanisms
Prioritization (based on risk / severity)
Grouping of hosts (servers / workstations)
“One, some, many”

Administration:

Approve / reject patches
Custom patches / scripts

Jul 5, 2005 Centralised patch management 6/12

➢ Activities ➢ Comparison ➔ Requirements ➢ Proof of Concept ➢ Conclusion

SLIDE 7

Ideal requirements (4/5)

User interface / Framework:

User-friendliness
Access control
Backups / restore
More information about patches (CVE)

Infrastructure:

Multicast / peer-to-peer / multiple servers
Low / expensive bandwidth users
Inventory building

Jul 5, 2005 Centralised patch management 7/12

➢ Activities ➢ Comparison ➔ Requirements ➢ Proof of Concept ➢ Conclusion

SLIDE 8

Ideal requirements (5/5)

Reporting:

Alerting (SMS, e-mail, etc)
Reports

➔ Patches (succes, failure, new, rejected, etc) ➔ Hosts (completely patched, missing patches) ➔ Groups (hosts, approved patches) ➔ . . .

Jul 5, 2005 Centralised patch management 8/12

➢ Activities ➢ Comparison ➔ Requirements ➢ Proof of Concept ➢ Conclusion

SLIDE 9

Proof of Concept

Why a Proof of Concept?
Why APT?
Why Ubuntu?

Jul 5, 2005 Centralised patch management 9/12

➢ Activities ➢ Comparison ➢ Requirements ➔ Proof of Concept ➢ Conclusion

SLIDE 10

Components

Jul 5, 2005 Centralised patch management 10/12

➢ Activities ➢ Comparison ➢ Requirements ➔ Proof of Concept ➢ Conclusion

SLIDE 11

APT module

Synchronize

➔ Download Package & Release file ➔ Verify signature & checksums ➔ Store package info in database

Build

➔ Retrieve package info from database ➔ Make new Package & Release file ➔ Create digital checksums & signature

Jul 5, 2005 Centralised patch management 11/12

➢ Activities ➢ Comparison ➢ Requirements ➔ Proof of Concept ➢ Conclusion

SLIDE 12

Conclusion

Product investigation
Ideal requirements
Proof of Concept
Future work

Jul 5, 2005 Centralised patch management 12/12

➢ Activities ➢ Comparison ➢ Requirements ➢ Proof of Concept ➔ Conclusion

SLIDE 13

Questions?

SLIDE 14

Screenshots (1/3)

SLIDE 15

Screenshots (2/3)

SLIDE 16

Centralised patch management

What did we do?

systems

patch management

Contents

Existing systems

Contents

Ideal requirements (1/5)

Patches:

Contents

Ideal requirements (2/5)

End users:

Contents

Ideal requirements (3/5)

Distribution:

Administration:

Contents

Ideal requirements (4/5)

User interface / Framework:

Infrastructure:

Contents

Ideal requirements (5/5)

Reporting:

Contents

Proof of Concept

Contents

Components

Contents

APT module

Contents

Conclusion

Contents

Questions?

Screenshots (1/3)

Screenshots (2/3)

Screenshots (3/3)