LPTv4 module 40 security patches penetration testing


ECSA/LPT
EC-Council
Module XL
Security Patches Penetration Testing

Penetration Testing Roadmap
Start Here
• Information Gathering
• Vulnerability Analysis
• External Penetration Testing
• Firewall Penetration Testing
• Router and Switches Penetration Testing
• Internal Network Penetration Testing
• IDS Penetration Testing
• Wireless Network Penetration Testing
• Denial of Service Penetration Testing
• Password Cracking Penetration Testing
• Stolen Laptop, PDAs and Cell Phones Penetration Testing
• Social Engineering Penetration Testing
• Application Penetration Testing
Cont'd
EC-Council
Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited

Penetration Testing Roadmap (cont'd)
• Physical Security Penetration Testing
• Database Penetration Testing
• VoIP Penetration Testing
• Virus and Trojan Detection
• War Dialing
• VPN Penetration Testing
• Log Management Penetration Testing
• File Integrity Checking
• Bluetooth and Handheld Device Penetration Testing
• Telecommunication and Broadband Communication Penetration Testing
• Email Security Penetration Testing
• Security Patches Penetration Testing
• Data Leakage Penetration Testing
End Here

Patch Management
Patch management is the part of system management that involves acquiring, testing, and installing patches on an administered computer system.
Patch management tasks include:
• Maintaining current knowledge of the available patches.
• Deciding what patches are appropriate for the particular systems.
• Ensuring that patches are installed properly.
• Testing systems after installation.
• Documenting all associated procedures, such as specific configurations required.

Patch and Vulnerability Group (PVG)
The PVG deals with vulnerability remediation efforts such as OS and application patching and configuration changes.
Responsibilities of the PVG:
• Conduct testing of patches and non-patch remediation
• Create a database of remediation
• Distribute information related to vulnerability and remediation to the local administrators
• Configure automatic update of applications
• Monitor security sources for vulnerability announcements like patch and non-patch remediation

Penetration Testing Steps
1. Check if the organization has a PVG in place
2. Check whether the security environment is updated
3. Check whether the organization uses automated patch management tools
4. Check the last dates of patching
5. Check the patches on non-production systems
6. Check the vendor authentication mechanism
7. Check whether downloaded patches contain viruses
8. Check for dependency on new patches

Step 1: Check If the Organization Has a PVG in Place
Check whether the organization has a Patch and Vulnerability Group (PVG) team.

Step 2: Check Whether the Security Environment Is Updated
New types of vulnerabilities may arise with the installation of new patches.
These new patches may affect the security environment.
Try any malicious action on the system, and check whether the security environment, such as the firewall, antivirus, and security software tools, is updated.

Step 3: Check Whether the Organization Uses Automated Patch Management Tools
Check whether the organization uses automated patch management tools, such as ZENworks Patch Management and UpdateEXPERT.

Step 4: Check the Last Dates of Patching
• Check whether the database is maintained for patching by PVG.
• Check the last date when a patch was installed.

Step 5: Check the Patches on Non-Production Systems
Patches may contain malicious code that affects the system.
Before installing on the main system, check whether the patches and configuration modifications are tested on the non-production systems.

Step 6: Check the Vendor Authentication Mechanism
Check whether downloaded patches are verified using any of the authentication methods.
The authentication method can be:
• Cryptographic checksums.
• Pretty Good Privacy (PGP) signatures.
• Digital certificates.
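
An added example (not part of the EC-Council material) of the first method above: auditing a directory of downloaded patch files against a vendor-published SHA-256 manifest. The `sha256sum`-style manifest format, the file names and the sample contents are assumptions constructed for illustration; a checksum only authenticates a patch if the manifest itself arrived over a trusted channel, for example under a PGP signature.

```python
import hashlib
import tempfile
from pathlib import Path


def parse_manifest(text):
    """Parse sha256sum-style lines; ValueError on malformed or non-hex input."""
    expected = {}
    for line in filter(None, map(str.strip, text.splitlines())):
        digest, _, name = line.partition(" ")
        name = name.strip().lstrip("*")  # '*' marks binary mode
        if len(bytes.fromhex(digest)) != 32 or not name or "/" in name:
            raise ValueError(f"malformed manifest line: {line!r}")
        expected[name] = digest.lower()
    return expected


def sha256_file(path):
    """Hash in chunks so large patch bundles are not read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def audit_patch_dir(patch_dir, manifest_text):
    """Return {filename: 'ok' | 'mismatch' | 'missing' | 'unlisted'}."""
    expected = parse_manifest(manifest_text)
    # Files the vendor never listed must not be installed on trust.
    results = {p.name: "unlisted" for p in Path(patch_dir).iterdir()
               if p.is_file() and p.name not in expected}
    for name, digest in expected.items():
        path = Path(patch_dir) / name
        if not path.is_file():
            results[name] = "missing"
        else:
            results[name] = "ok" if sha256_file(path) == digest else "mismatch"
    return results


def demo():
    """Constructed sample: A intact, B altered, C absent, extra unlisted."""
    files = {"A.bin": b"patch A", "B.bin": b"patch B", "C.bin": b"patch C"}
    manifest = "".join(
        f"{hashlib.sha256(v).hexdigest()}  {k}\n" for k, v in files.items())
    with tempfile.TemporaryDirectory() as d:
        Path(d, "A.bin").write_bytes(files["A.bin"])
        Path(d, "B.bin").write_bytes(files["B.bin"] + b"!")  # altered copy
        Path(d, "extra.bin").write_bytes(b"not in manifest")
        return audit_patch_dir(d, manifest)
```

Calling `demo()` returns the status of each constructed file; in an audit, any status other than `ok` is a finding to record against this step.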

Step 7: Check Whether Downloaded Patches Contain Viruses
Try to download any malicious or virus patch on the system.
Run an anti-virus tool over the downloaded virus patch and check whether the anti-virus detects the virus or not.
Check whether the virus signature database or anti-virus program is up to date.

Step 8: Check for Dependency of New Patches
• Check whether there is dependency between the patches if installed sequentially.
• Check whether installing a new patch inadvertently uninstalls or disables another patch.

Security Checklist for Patch Management
• Organizations should create a patch and vulnerability group (PVG).
• Organizations should use automated patch management tools.
• Download the patches from the home site of the product.
• Scan the patches for viruses.

Patch Management Tools
• Altiris Patch Management Solution
• ANSA
• BigFix Patch Manager
• BindView Patch Management
• C5 Enterprise Vulnerability Management Suite
• Ecora Patch Manager
• eTrust Vulnerability Manager
• GFI LANguard Network Security Scanner
• Hercules
• HFNetChkPro
• HP OpenView Patch Manager using Radia
• LiveState Patch Manager
• ManageSoft Security Patch Management
• Marimba Patch Management
• NetIQ Vulnerability Manager
• Opsware Server Automation System
• PatchLink Update
• PolicyMaker Software Update
• Prism Patch Manager
• SecureCentral PatchQuest
• Security Update Manager
• Systems Management Server
• SysUpdate
• UpdateEXPERT
• Windows Server Update Services
• ZENworks Patch Management
• LANDesk Patch Manager
• Service Pack Manager
• Sitekeeper (Patchkeeper module)
• Software Update Services
• Kaseya Patch Management

Summary
Patch management is the part of system management that involves acquiring, testing, and installing patches on an administered computer system.
New types of vulnerabilities arise with the installation of the latest patches.
Organizations should create a patch and vulnerability group (PVG).