Re: Audit Tools

From: Serge Wroclawski (serge@tux.org)
Date: 08/29/01 

Date: Wed, 29 Aug 2001 12:16:48 -0400 (EDT)
From: Serge Wroclawski <serge@tux.org>
To: <milt@necam.com>
Subject: Re: Audit Tools
Message-ID: <Pine.LNX.4.30.0108291211500.7729-100000@gwyn.tux.org>

On Wed, 29 Aug 2001 milt@necam.com wrote:

> Lets assume our company takes over another ... actually taking place ... our
> company wants to audit the other company's network ... at this point we are
> told it is NT ... not told too much else like what version, service packs,
> controllers, backups, etc. Is there an audit tool that will tell us such things
> as security holes, number of users, groups, rights, etc.? I need a 'all-in-one'
> 'sweeper package'... is there such a thing? ... what would you recommend?

For Windows I have no clue. I'm not a Windows person (I'm on this list
just to keep my ear to the ground).

As a Unix admin, for a real complete audit, I recommend you go to
Usenix/SAGE and pick up a book called "A System Administrator's Guide to
Auditing" by Geoff Halprin.

Info on all the books here:
http://www.usenix.org/sage/publications/short_topics.html

It's not tools, but a book giving you a conceptual framework on system
audits. It's written for a Unix sys admin, but the concepts should be
easily applied to any environment.

So while I don't have the tool you're asking about, I think you may
benefit from a good (short) book on conceptual frameworks on system audits
in general. I know I have.

- Serge Wroclawski