Smack The Stack: Stack Protection Patches
From time to time, a new patch or security feature is integrated to raise the bar on buffer overflow exploiting. This paper includes five creative methods to overcome various stack protection patches, but in practical focus on the VA (Virtual Address) space randomization patch that have been integrated to Linux 2.6 kernel. These methods are not limited to this patch or another, but rather provide a different approach to the buffer overflow exploiting scheme.
Read the Article
|
Location Based Windows Patch Management
In order to propagate, both these worms used known security vulnerabilities in the Windows operating system, vulnerabilities that at that time were already addressed by Microsoft and fixed by security updates it had released. The huge number of computers that were infected serves to show a lack, both in awareness on the side of users as well as in effective tools for administrators to consistently enforce a Windows patch management policy.
Read the Article
|
Beating Hackers to the Patch
It's a good thing the Blaster worm and its variations weren't really insidious. Had it devastated hard drives, it could have inflicted billions of dollars in lost productivity and other damages globally.
Read the Article
|
How to handle patch management
"We see people looking for a tool that will solve all their problems, but what you need is a process; it's not just about the tool," says Felicia Nicastro, senior network systems consultant for International Network Services, a consulting firm that kicked off a patch management service in September. Nicastro says the biggest mistake companies make is leaving out the processes, such as diligent monitoring for new patches coupled with detailed evaluation, testing, deployment and validation that a team or individual manages.
Read the Article
|
Patching Windows 2000
Installing Service Packs and hotfixes is an ongoing challenge. Each time you install a file or service from the original installation media, you must re-apply the Service Pack and Hotfixes (in case the original media installation installed a file that was subsequently addressed in a Service Pack or Hotfix). Typically, installation of the Service Pack prompts the user to reboot the host upon completion. Each hotfix also prompts the user to reboot the host. In some cases, this would require rebooting the machine 10+ times! On top of all this, the fixes must sometimes be installed in a particular order. Not many systems administrators have time to do this across the X number of machines in their enterprise.
Read the Article
|
Patch Management as a Necessary Part of Defense In Depth a Case Study
The purpose of this policy is to establish standards for the timely and continuous vulnerability scanning and patch management of equipment that is owned and operated by the Institute of Basic Cellular Research (IBCR). Effective implementation of this policy will minimize unauthorized access to Institute of Basic Cellular Research (IBCR) proprietary information and technology.
Read the Article
|
The vicious circle of patch management
Network administrators spend their days overwhelmed by the task of testing and deploying patches to vulnerable systems. It's not just the volume of patches that gets them down but, once patches have been deployed, they've got to worry that those fixes don't break other applications.
Read the Article
|
Windows patch management tools
Patch management tools should identify accurately which patches are missing on each system, provide an easy means to deploy patches and provide administrative reports tracking patch status across multiple machines. The products we tested (see How we did it) attack the problem in two ways - with or without agent software. Agent-based products - such as those from PatchLink and BigFix - can greatly reduce network traffic by offloading processing and analysis to the target system, saving data until it needs to report to the central server. But they also force an administrator to manage software on all systems the product analyzes.
Read the Article
|
Patch ROI Spreadsheet
This is a free ROI calculator in a form of Excel spreadsheet that you can plug your numbers and see the patching cost is relevant to your enterprise.
Read the Article
|
A Patch in Time
Victor Barra simply didn't have the staff to keep the more than 1,000 Windows servers at Siemens Medical patched. More than once, malware attacks brought down systems and cost the company hundreds of thousands of dollars. Last summer's Blaster worm was the last straw.
Read the Article
|
