DIY Patch Management - PowerPoint PPT Presentation



  1. DIY Patch Management. Florian Junge (@shantycode), Ingo Bente (@ingobente). BSides Munich 2018

  2. Patching. Isn’t that solved?

  3. Nope, it’s not. Remember those ransomware news in 2017?

  4. https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
     SinnerSchrader | BSides Munich | DIY Patch Management | 2018

  5. Example WannaCry
     • WannaCry hit the world on May 12 2017
     • It spread via a vulnerability called EternalBlue
     • EternalBlue was fixed by Microsoft on March 14 2017

  7. 2 months between patch and outbreak, i.e. you can worry less about 0-days :)

  8. Patching is hard. At least in many real-world scenarios.

  9. But why? I mean, it works on our family members’ computers, too.

  10. Constraints. Legacy: end-of-life OS that is not patchable.

  11. Constraints. Availability: how to reboot that hypervisor cluster?

  12. Constraints. Money: it works without the patch, doesn’t it?

  13. So what now? Let’s take a glimpse into our world.

  14. SinnerSchrader Ecosystem

  15. In a world where …
     • N tenants
     • M tech stacks
     • N x M requirements

  16. In a world where …
     • Heterogeneous infrastructure
     • OS-wise mostly Debian and Ubuntu
     • Packed into VMs and containers
     • Yes, there is also some serverless stuff :)

  17. In a world where … Inconsistent patch management: never, sometimes, regularly.

  18. In a world where … Commercial scanners? No budget. We are not that enterprisy.

  19. Lessons learned … so far
     • Installation is easy
     • Patching is hard
     • Knowing when to patch is even harder

  20. Not cool. So we wanted to change that.

  21. Solution - the easy part
     • Manually scan for all the CVEs
     • Automate CVE scans (e.g. daily)
     • Gather all the logs

  22. Solution - the tricky part
     • Dashboard everything
     • Get metrics that CXOs can understand
     • Take action (i.e. patch) and check the metrics
     • Lean back … for now

  23. Building blocks

  24. • CVE scanner to audit VMs
     • Integration to config management
     • Central logging and dashboarding

  25. Spot the vuln - the audit
     • Vulnerability databases
     • Vulnerability scanner
     • Vulnerability subscriptions
     • Freemium pricing model
     • Nice people :)

  26. Spot the vuln - the audit
     • nmap plugin
     • Burp plugin
     • getsploit
     • API

  27. Spot the vuln - CVE scanner
     • Get installed packages
     • Audit each for CVEs
     • Get CVSS scores
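The three scanner steps on this slide (and the "dashboard everything" metric from slide 22) as an added Python example; this is not code from the talk. The dpkg-query output and the vulnerability table are constructed for illustration, with placeholder CVE ids, and the table stands in for the per-package lookup the talk does against the Vulners API.

```python
"""DIY CVE audit step: installed packages -> findings -> JSON log lines."""
import json
import re

# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
DPKG_OUTPUT = """\
openssl 1.1.0g-2ubuntu4.1
bash 4.4.18-2ubuntu1
linux-image-generic 4.15.0.29.31
"""

# Constructed stand-in for scanner results: package -> [(CVE id, fixed version, CVSS)].
# The CVE ids are placeholders, not real advisories.
VULN_TABLE = {
    "openssl": [("CVE-0000-0001", "1.1.0g-2ubuntu4.3", 7.5)],
    "bash": [("CVE-0000-0002", "4.4.18-2ubuntu1", 5.0)],  # installed == fixed: no finding
}


def parse_packages(text):
    """Return {package: version} from dpkg-query output."""
    pkgs = {}
    for line in text.splitlines():
        if line.strip():
            name, version = line.split(None, 1)
            pkgs[name] = version.strip()
    return pkgs


def version_key(version):
    """Simplified ordering key: digit runs compare as ints, other runs as text.
    Not a full dpkg comparison (epochs and '~' are not handled)."""
    return [(0, int(t)) if t.isdigit() else (1, t) for t in re.split(r"(\d+)", version) if t]


def audit(packages, table):
    """Findings for every package whose installed version is below the fixed one."""
    findings = []
    for name, version in packages.items():
        for cve, fixed, cvss in table.get(name, []):
            if version_key(version) < version_key(fixed):
                findings.append({"package": name, "installed": version,
                                 "fixed": fixed, "cve": cve, "cvss": cvss})
    return findings


def summarize(findings):
    """The two numbers a dashboard can show per host: count and worst CVSS."""
    return {"findings": len(findings), "max_cvss": max((f["cvss"] for f in findings), default=0.0)}


def to_log_lines(host, findings):
    """One JSON document per finding, ready to ship to Logstash/Elasticsearch."""
    return [json.dumps({"host": host, **f}, sort_keys=True) for f in findings]
```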

  28. Demo: vulners.com API

  29. Orchestration via config management
     • Do it!
     • Our solution: SaltStack
     • Codify your update strategy
     https://docs.saltstack.com/en/getstarted/overview.html

  30. Orchestration
     • Define systems with formula
     • Minion matching
     • Template engine
     https://docs.saltstack.com/en/getstarted/overview.html

  31. Three patch management flavours
     • Unattended upgrades
     • Orchestrated updates
     • Patch Day
     https://en.wikipedia.org/wiki/Neapolitan_ice_cream

  32. Centralized Logging
     • Elasticsearch
     • Logstash
     • Kibana
     (figure based on https://www.elastic.co/guide/en/logstash/current/introduction.html)

  34. Demo: kibana.szops.de

  35. The big picture

  38. Limitations

  39. There are some limitations, aka stuff that compliance folks likely won’t find, but that you know is there …

  40. Tales from the kernel
     • Notice version encoded in package name
     • This confuses vulners (no CVEs)
     • As well as unattended upgrades (yep, no upgrades)

  41. Tales from the kernel - the fix
     • Install the meta package linux-image-generic

  42. Reboot hassle
     • Running old kernel although newer one is installed

  43. Reboot hassle - the fix
     • Monitor uptime of your servers ;-)
     • The two metrics that matter for host security by Diogo Monica
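The two kernel quirks from slides 40 to 43 as one added Python host check, not code from the talk: it flags hosts that only carry versioned linux-image packages without the linux-image-generic meta package, and hosts whose running kernel is older than the newest installed one. The package list and the uname -r value are constructed samples; the 30-day uptime threshold is an assumption.

```python
"""Kernel package and reboot checks for Debian/Ubuntu hosts."""
import re

# Ubuntu-style versioned kernel image package names, e.g. linux-image-4.4.0-112-generic.
KERNEL_RE = re.compile(r"^linux-image-(\d+)\.(\d+)\.(\d+)-(\d+)-generic$")

# Constructed sample: two versioned kernels on disk, no meta package installed.
INSTALLED = ["linux-image-4.4.0-112-generic", "linux-image-4.4.0-116-generic", "bash"]
RUNNING = "4.4.0-112-generic"  # constructed stand-in for `uname -r`
UPTIME_SECONDS = 45 * 86400    # constructed stand-in for /proc/uptime


def kernel_version(name):
    """(major, minor, patch, abi) for a versioned kernel package, else None."""
    m = KERNEL_RE.match(name)
    return tuple(int(x) for x in m.groups()) if m else None


def missing_meta_package(installed):
    """Only versioned kernel packages present: unattended upgrades will never pull
    a newer kernel and a scanner keyed on the package name sees no CVEs.
    The fix from slide 41 is to install linux-image-generic."""
    has_versioned = any(kernel_version(p) for p in installed)
    return has_versioned and "linux-image-generic" not in installed


def newest_installed_kernel(installed):
    versions = [v for v in map(kernel_version, installed) if v]
    return max(versions) if versions else None


def reboot_required(installed, running):
    """Newer kernel on disk than in memory: the patch is installed but not in effect."""
    newest = newest_installed_kernel(installed)
    running_v = kernel_version("linux-image-" + running)
    return bool(newest and running_v and running_v < newest)


def host_report(installed, running, uptime_seconds, max_uptime_days=30):
    """Combined verdict per host; max_uptime_days is an assumed policy value."""
    return {
        "missing_meta_package": missing_meta_package(installed),
        "reboot_required": reboot_required(installed, running),
        "uptime_exceeded": uptime_seconds > max_uptime_days * 86400,
    }


if __name__ == "__main__":
    print(host_report(INSTALLED, RUNNING, UPTIME_SECONDS))
```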

  44. Next steps

  45. Next steps
     • Fix some quirks ;-)
     • Container checks with Clair
     • AWS integration
     • nsp check

  46. Alternatives
     • OpenVAS / vuls
     • https://github.com/0x4D31/salt-scanner
     • Your-typical-Enterprise-Distribution-Mgmt-here
     • Reverse uptime & golden image freshness

  47. Kudos
     • Kirill Ermakov from Vulners.com (@isox_xx)
     • Christoph Trautwein (@trautw) & the S2 ops crew

  48. Thanks!
