NCSAM Tip #8: Patch Verification with MBSA and Cisco IOS Software Checker
For Cyber Security Awareness Month I’d like to address patching; more specifically, verifying patches in your environment. Patching is a big part of any security policy. It’s also very important to verify that the patches and updates deployed have actually been installed. Whether you have one host or thousands, using a tool to scan your environment to verify those patches can save a lot of time and serve as a check on your patch processes.
There are some very good vulnerability scanners out there that can help locate and identify vulnerabilities and missing patches, but many are complex and expensive. I’d like to talk about two free and simple tools you can use to check that systems in your environments have secure configurations and are running up-to-date software.
MBSA for Microsoft end hosts
Administrators of Microsoft Windows systems can use the Microsoft Baseline Security Analyzer to scan hosts in their environments for issues that may affect system security. Aside from checking missing patches, the tool also validates the security configurations of servers running IIS or SQL Server and client applications like Office, Silverlight, and .NET Studio.
Once installed, an administrator can run the tool on either the local host or a remote host, or scan a list of IP addresses or computer names. When finished scanning, MBSA returns a report detailing detected security problems. The resulting reports also give advice on how to correct a problem, linking to articles from Microsoft on corrective actions. In addition, reports output by the program are XML, and while MBSA provides a nice interface to view the reports, there’s an opportunity to feed the data into an off-the-shelf log analyzer or a custom-designed tool to correlate the information.
Cisco IOS Software Checker
Patching and patch verification aren’t important just in Microsoft environments. If you administer devices in your network that run Cisco IOS Software, you can use the Cisco IOS Software Checker to find out what software versions may be vulnerable. The tool allows you to pick and choose versions of Cisco IOS Software that may exist in your environment, or if you’ve already compiled a list, you can upload a text file to the tool.
After running the tool, you get a list of Cisco PSIRT security advisories that affect each version of Cisco IOS Software. Administrators can use the information within the security advisories to find updated software or put into place effective mitigations. More information on the use of the tool can be found in the Introducing the Cisco IOS Software Checker blog post.
No matter what environment you work in, and no matter how confident you are in your patch infrastructure, it’s always smart to verify your patches. Whether you use MBSA or the Cisco IOS Software Checker or another tool, check to make sure that patches have been applied to the systems in your environment and that you are running up-to-date software.