ECSA/ LPT EC Council Module XL EC - Council Security Patches P e n et r at i o n T est in g eetato est g Penetration Testing Roadmap Start Here Information Vulnerability External Gathering Analysis Penetration Testing Fi ll Router and Internal Fi rewa ll Penetration Testing Router and Switches Penetration Testing Internal Network Penetration Testing IDS Penetration Testing Wireless Network Penetration Testing Denial of Service Penetration Testing Password Cracking Stolen Laptop, PDAs and Cell Phones Social Engineering Application Cont’d EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Penetration Testing Penetration Testin g Penetration Testing Penetration Testing Penetration Testing Roadmap (cont ’ d) (cont d) Cont’d Physical Database VoIP Securit y Penetration Testing Penetration testing Penetration Testin g Vi d Vi rus an d Trojan Detection War Dialing VPN Penetration Testing Log Management Penetration Testing File Integrity Checking Blue Tooth and Hand held Device Penetration Testing Telecommunication And Broadband Comm nication Email Security Penetration Testin g Security Patches Data Leakage Penetration Testing End Here EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Comm u nication Penetration Testing g Penetration Testing Penetration Testing Patch Management It is a part of system management which involves acquiring, It is a part of system management which involves acquiring, testing, and installing of patches to an administrated computer system. Patch management tasks include: • Maintaining current knowledge of the available patches. • Deciding what patches are appropriate for the particular systems. Ei h h illd l • E nsur i ng t h at patc h es are i nsta ll e d proper l y. • Testing systems after installation. • Documenting all associated procedures, such as specific configurations required EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited configurations required . Patch and Vulnerability Group (PVG) (PVG) PVG d l ith l bilit di ti ff t lik OS PVG d ea l s w ith vu l nera bilit y reme di a ti on e ff or t s lik e OS , application patching, and configuration changes. Responsibilities of PVG: • Conduct testing of patches and non-patch remediation • Create a database of remediation Di t ib t i f ti l t d t l bilit d di ti • Di s t r ib u t e i n f orma ti on re l a t e d t o vu l nera bilit y an d reme di a ti on to the local administrators • Configure automatic update of applications • Monitor security sources for vulnerability announcements like EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Monitor security sources for vulnerability announcements like patch and non-patch remediation Penetration Testing Steps 1 • Check if organizations have a PVG in place 2 • Check whether the security environment is updated • Check whether organization use automated patch management tools 3 Check whether organization use automated patch management tools 4 • Check the last dates of patching 5 • Check the patches on non-production systems 6 • Check the vender authentication mechanism 6 7 • Check whether downloaded patches contain viruses EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited 8 • Check for dependency on new patches Step 1: Check If Organizations has a PVG in Place has a PVG in Place Chec k whether the or g anization has a team o f Patch and g Vulnerability Group (PVG). EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Step 2: Check Whether the Security Environment are Updated Environment are Updated New types of vulnerabilities may arise with the installation of new patches. These new patches may affect the security environment. li i i h d hk Tr y an y ma li c i ous act i on on t h esystem,an d c h ec k whether the security environment such as firewall, antivirus, and security software tools are updated. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Step 3: Check Whether Organization use A utomated Patch Mana g ement Tools g Check whether organizations use automated patch management l h ZEN k Ph M d too l s, suc h as ZEN wor k s P atc h M anagement an d UpdateEXPERT. EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited Step 4: Check the Last Dates of Patching Patching Check whether Ch k th l t the database is maintained for patching by Ch ec k th e l as t date when a patch was illd patching by PVG. i nsta ll e d . EC-Council Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited [...]... Strictly Prohibited Step 8: Check for Dependency of New Patches Check whether there is dependency between the b h patches if installed sequentially EC-Council Check whether installing new patch inadvertently uninstalls or disables another patch patch New Patches Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Security Checklist for Patch Management O ga at o s s ou...Step 5: Check the Patches on NonProduction Systems Patches may contain malicious code that affects the system Before installing on the main system, check whether the patches and configuration modifications are tested on the non-production systems EC-Council Copyright © by EC-Council All Rights... Reserved Reproduction is Strictly Prohibited Summary Patch management is a part of the system management which involves acquiring, testing, and installing of patches to an administrated computer system New types of vulnerabilities arise with the installation of latest patches h Organizations should create a patch and vulnerability group (PVG) EC-Council Copyright © by EC-Council All Rights Reserved... Management O ga at o s s ou d c eate Organizations should create a patch patc and vulnerability group (PVG) Organizations should use automated patch management tools Download the patches from home site o t e p oduct of the product Scan the patches for viruses viruses EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Patch Management Tools Altiris Patch Management Solution... Suite Ecora Patch M E P t h Manager eTrust Vulnerability Manager GFI LANguard Network Security Scanner Hercules HFNetChkPro HP OpenView Patch Manager using Radia EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Patch Management Tools (cont’d) LiveState Patch Manager ManageSoft Security Patch Management Marimba Patch Management NetIQ Vulnerability Manager Opsware... Patch Manager SecureCentral PatchQuest Security Update Manager EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Patch Management Tools (cont’d) Systems Management Server SysUpdate UpdateEXPERT Windows Server Update Services ZENworks Patch Management LANDesk Patch Manager Service Pack Manager Sitekeeper (Patchkeeper module) Software Update Services p Kaseya... Authentication Mechanism Check whether the downloaded patches are checked against any of the authentication methods The authentication method can be: • Cryptographic checksums yp g p • Pretty Good Privacy (PGP) signatures • Digital certificates EC-Council Copyright © by EC-Council All Rights Reserved Reproduction is Strictly Prohibited Step 7: Check Whether Downloaded Patches Contain Viruses Try to download any . Prohibited Penetration Testing Penetration Testin g Penetration Testing Penetration Testing Penetration Testing Roadmap (cont ’ d) (cont d) Cont’d Physical Database VoIP Securit y Penetration Testing Penetration. Testing Fi ll Router and Internal Fi rewa ll Penetration Testing Router and Switches Penetration Testing Internal Network Penetration Testing IDS Penetration Testing Wireless Network Penetration. Hand held Device Penetration Testing Telecommunication And Broadband Comm nication Email Security Penetration Testin g Security Patches Data Leakage Penetration Testing End Here EC-Council Copyright