Blue Team Starter Kit - PDQ Deploy for patch management
Patch management is one of the hardest initiatives to solve for an organization. Setting up a Microsoft Windows Server Update Services can help with Windows updates. Third-party software patching is a bit trickier. Secunia and other options are available for those with the financial resources. For everyone else I recommend PDQ Deploy.
What is PDQ Deploy
PDQ Deploy is an Admin Arsenal offering. It’s free to download and use. The free version is limited, but can give you an idea of what to expect with the program. The enterprise version costs $500 and well worth it.
The program helps to solve patch management, but it can also function as a general software deployment solution. In my previous post, I talked about EMET. PDQ Deploy is the tool I used to easily deploy EMET to my environment. Packages come pre-configured. No parameters or variables need to be set. Just download, select your target computers, and fire. If the need arises, packages are modifiable, however.
Why patch management is important
Patch management helps keep systems from getting exploited. PDQ Deploy provides a simple way of downloading third-party updates and pushing them. Yet another Adobe Flash update? PDQ Deploy it. I have so much confidence in the tool that I would deploy Adobe Flash updates during the day. Maybe not something you want to do with everything (and not something I would recommend doing the first time), but Flash deployed without issue.
PDQ Inventory ($500 enterprise version) another Admin Arsenal offering, will help with automating the process. FULL DISCLOSURE: I did not get an opportunity to try out PDQ Inventory. We ended up integrating PDQ Deploy with a different inventory software (another plus). Below is a video that walks through how to use PDQ Deploy and Inventory to setup automated patching for Adobe Flash. These guys have a great YouTube channel, by the way, that walks through several different features and functions of the PDQ products.
PDQ Deploy by itself is a software pusher. It does not check for version on the current machine. It won’t care if the software is on the machine or even needs the update. The problem with that is that it increases the attack surface on the machine. PDQ Inventory combined with PDQ Deploy will work to determine version or if it’s installed on the machine, in the first place. As mentioned earlier, PDQ Deploy has the potential to work with other inventory software. Which is beneficial if there is something already in place. If not, check out PDQ Inventory. If it's as half as good as PDQ Deploy, it's a win for you.
How to use PDQ Deploy
Open PDQ Deploy (or go to Admin Arsenal's YouTube channel).
The left pane is for navigation. The Package Library is where software packages are downloaded. Packages is where all the downloaded packages can be viewed.
To download a new package, search for the software package by Categories or Vendors. I typically searched Vendors, because I knew what I wanted (Adobe Flash gets updated a lot). For this example we’ll use Adobe to grab the Flash package. Go to Package Library -> Vendors -> Adobe. Highlight Flash and then click the Import Selected button in the top right corner. The package will download and appear under Packages. Highlight the package and then click the Deploy button and Deploy Once in the top right corner. This is also where packages can be edited or scheduled to run if necessary.
Click the Choose Targets button and select how to deploy the package. Packages can be deployed via:
Active Directory
PDQ Inventory
Spiceworks
Target List
Text File
For my test group I usually put all my IP Addresses in a text file and then pushed using the text file option. Use what is best for your specific environment. The selected machines will appear in the target window. The program will run a communications check on all the machines. Once that finishes click the Deploy Now button.
The window will close and the deployment begins. Progress can be viewed in the package view. Click on the deployment to show the progress of the deployment, and that’s pretty much it.
One final note. Credentials will probably need to be setup. To set this up, click on FILE in the top left and then click Preferences. Click Credentials in the left pane and then the Add Credentials button.
Conclusion
Patch management is a big challenge for organizations. Thankfully, PDQ Deploy can meet that challenge and may even exceed it. The program is intuitive, easy-to-use, and fits nicely in a small budget. On it's own PDQ Deploy is a powerful tool that helps get patch management under control. Combined with PDQ Inventory patch management will be a piece of cake.
This post wraps up my Blue Team Starter Kit series. Feedback is welcome. Any correct or clarification requests can be sent to timothy.deblock[at]gmail[dot]com. The introductory post can be found here.
This post first appeared on Exploring Information Security.