Re: System Security Audits

From: Dave Piscitello (dave_at_corecom.com)
Date: 12/11/03

    Date: Thu, 11 Dec 2003 07:52:39 -0500
    To: Peteris Krumins <newsgroups@lf.lv>, pen-test@securityfocus.com
    
    

    I agree that chasing malware, trojans, viruses, etc. makes CD burning
    difficult.

    W/R/T permissions, auditing, user rights assignment and other local and
    group policies, you might also want to look at the Center for Internet
    Security's Auditing Tools and security templates (http://www.cisecurity.org).

    Lastly, you didn't mention security patches and hot fixes. Shavlik has an
    excellent tool, HFnetchkPro, for individual and networked patch management
    at http://www.shavlik.com/. It's license free for up to 10 PCs. They also
    have an enterprise policy checker and accounts checker. These are the folks
    who developed MBSA for Microsoft.

    At 12:00 AM 11/29/2003 +0200, Peteris Krumins wrote:

    > Hello,
    >
    > I have a question about doing system (Windows) security
    > audits.
    > By system security audits I mean things like checking if computer
    > is free of malware, trojans, viruses, if user has appropriate
    > permissions (not too high or to say if user has restrictive
    > permissions) etc.
    >
    > I have a couple of ideas which I could use, one is to create
    > a universal CD with all the stuff needed. Everything is on the
    > CD, nothing will be installed on the client's computer.
    > The Audit Team just puts CD in, runs applications and that's it.
    >
    > The other is to boot from a CD on the client's computer
    > which would bring us to some different environment (probably
    > Linux). Once booted, mount the filesystems and do all the
    > audit stuff from such an environment.
    >
    > Or, please, suggest any other methods that could be used.
    >
    >
    >P.Krumins

