New free tool helps you meet stringent security hardening guidelines
From: fernando (fernando@PEDESTALSOFTWARE.COM)
Date: Tue, 30 Apr 2002 09:47:28 -0400
From: fernando <fernando@PEDESTALSOFTWARE.COM>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Summary: SecurityExpressions WebScan Free Edition is a free tool for
assessing how well computers comply with industry-standard security
hardening policies and guidelines.
Hardening policies to choose from:
- Microsoft Security Guidelines for Windows NT
- National Security Administration (NSA) Guidelines for Windows 2000
- Hotfixes for Windows, Outlook, IIS, Internet Explorer and other
- Others to be added over time
Examples of misconfigurations uncovered:
- Incorrect registry permissions
- Lax file/directory permissions
- Unneeded services
- Lenient user rights
- Missing hotfixes
- Windows NT 4.0 or higher
- Internet Explorer 5 or higher
- Administrator account
How it works:
- Visit http://www.securityexpressions.com/webscan
- Select the policy
- Click "Begin Scan"
- IE will download the WebScan ActiveX object
- The ActiveX object will scan your local computer
- Output will be displayed in IE
Security implications of running WebScan:
- WebScan runs only on the local machine so that no sensitive
information is sent through the Internet.
- WebScan does not require any registration or other type of user
- WebScan provides an option that, if checked, sends back the results of
the scan so that we can collect aggregate statistics. These statistics
help us to improve the product.
- WebScan is based on our SecurityExpressions product that is used by
organizations to ensure that their systems comply with custom policies.
- WebScan uses only documented, standard Windows API.
- A commercial version interfaces directly with SecurityExpressions and
allows fixing of any problems discovered.