Identifying Unpatched Machines
Results 1 to 6 of 6

Thread: Identifying Unpatched Machines

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002

    Identifying Unpatched Machines

    Those of you out there tasked with discovering vulnerable machines and maintaining their patch status- how do you do it?

    I am curious which methods or tools are most used for determining which machines need patching or what patches they need? Are you using open source or commercial programs? How do you track the patch implementation to ensure you have completed the job?

    Are there any other methods anyone could recommend for finding or identifying machines that need to be patched- short of performing an actual vulnerability scan? For instance, I could just do a port scan on my network to identify machines that might have vulnerable ports open when they shouldn't have. Any other ideas along those lines?

  2. #2
    Retina from eEye will do it and Nessus should too, but you aren't looking for them. If you are looking for single vulnerabilities, both eEye and Foundstone offer standalone vulnerability scanners that search for a single vulnerability in machines.

    I know that before I get onto my schools network, I will be asked on a webpage to patch my box, and that only shows up if I am unpatched. I don't think they run a vuln test on my machine, so there should be a way to determine patch status without a vuln test.

  3. #3
    AO Guinness Monster MURACU's Avatar
    Join Date
    Jan 2004
    There are a good many tools that allow you to both test the level of patches on machines and to deploy the required patches. At work we use shavliks HFnetCHKpro tool link . It allows you to analyse and deploy the security patches on workstations and servers. You can also use microsofts baseline security analyser to analyse the machines and then use Qchaine to create a batch to deploy the missing patches. It is a bit longer but it is free.
    link to the analysier
    \"America is the only country that went from barbarism to decadence without civilization in between.\"
    \"The reason we are so pleased to find other people\'s secrets is that it distracts public attention from our own.\"
    Oscar Wilde(1854-1900)

  4. #4
    AO French Antique News Whore
    Join Date
    Aug 2001
    For the basic free stuff, SUS and Microsoft Baseline Security Analyzer SHOULD be in your admin toolbox!
    -Simon \"SDK\"

  5. #5
    Junior Member
    Join Date
    Sep 2001
    We are told which patches are approved to install. From time to time we have to provide status on how many machines are online and which patches of the approved are loaded. I use Perl to connect to registries and gather data. Might not be the best way to go, but we are limited in what we can use.

    If you are in a medium sized envirnment SUS is good. For large enterprises Marimba is good and it has patch management for multiple platforms.
    [glowpurple]The bottom line is the bottom line[/glowpurple]

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Originally posted here by SDK
    For the basic free stuff, SUS and Microsoft Baseline Security Analyzer SHOULD be in your admin toolbox!
    That along with some perl scripts has worked ok for me.

    Check out these perl scripts

    You can modify them to make them work for you. So, you have more than one method of verifying what boxes are being patched without giving yourself a headache looking through the http logs. Just make sure that your http log is rotating monthly, not daily...
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts