RE: Windows Network Audit Tool Question
From: Rosado, Rafael (Rafael) (rarosado@lucent.com)
Date: 12/30/02
- Previous message: YashPal Singh: "http session expiry"
- Maybe in reply to: Old Ben: "Windows Network Audit Tool Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Rosado, Rafael (Rafael)" <rarosado@lucent.com> To: obwan51@fastmail.fm Date: Mon, 30 Dec 2002 13:10:06 -0700
You might want to consider running Microsoft's Baseline Security Analyzer
(MSBA) -
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
tools/Tools/MBSAhome.asp
or GFI's Languard Network Scanner (http://www.gfi.com/lannetscan/index.htm).
Both are open source/freeware and run under Windows (MSBA requires Windows
2000 Professional and Administrator rights over the machines being scanned,
Languard runs under 9x/NT/2000 and you do not need Administrator rights over
the machines being scanned). The commercial version of Languard is $99 and
allows a Network Administrator to push/distribute security patches remotely.
FYI...version 3.1 of Languard (beta) advertises that it will allow Network
Administrators remotely push service packs (in addition to security
patches).
Rafael Rosado
IT Security Manager
Caribbean and Latin America Region (CALA)
Lucent Technologies O
Corporate Security
Business Assurance and Risk Mitigation Services (B.A.R.M.S.)
2400 SW 145th Avenue - Room 3S039
Miramar, Florida 33027
+1 954-885-2176 (voice) *
+1 954-885-3861 (fax) *
+1 954-648-3532 (mobile) or 9546483532@mobile.att.net (text message) *
rarosado@lucent.com (email) *
This electronic mail message contains information belonging to Lucent
Technologies, which may be confidential and/or legal privileged. The
information is intended only for the use of the individual or entity named
above. If you are not the intended recipient, you are hereby notified that
any disclosure, printing, copying, distribution, or the taking of any action
in reliance on the contents of this electronically mailed information is
strictly prohibited. If you receive this message in error, please
immediately notify us by electronic mail and delete this message.
-----Original Message-----
From: Havens, Ben [mailto:benh@bf.umich.edu]
Sent: Monday, December 30, 2002 12:59 AM
To: security-basics@securityfocus.com
Subject: RE: Windows Network Audit Tool Question
Nessus (nessus.org) has a plugin for checking service pack level. Don't see
one for querying installed hotfixes, but you might be able to rework this
one to return those hotfix regkeys/values. That appears to be all that
Winfingerprint does.
IMHO, this is not a very reliable method. Something like Hfnetchk
(shavlik.com) which also verifies file versions and checksums would give you
a better idea of whether installed hotfixes are still intact.
-Ben
-----Original Message-----
From: Old Ben [mailto:obwan51@fastmail.fm]
Sent: Friday, December 27, 2002 1:21 PM
To: security-basics@securityfocus.com
Subject: Windows Network Audit Tool Question
Greetings,
As an admin of a Windows Domain I am looking for a tool that will provide
the same type of information (especially the service pack/patch level)
that I can get from Winfingerprint http://winfingerprint.sourceforge.net/
but that will run from a shell on Linux. I suspect that it is possible
to do this with the Samba client software but can't find any information
on it. Can anyone provide me a starting point or a link to an (open
source) tool that provides this functionallity? Thanks.
-fb
-- Old Ben obwan51@fastmail.fm
- Next message: Christophe de Livois: "Re: AS: Incident Response Guidelines"
- Previous message: YashPal Singh: "http session expiry"
- Maybe in reply to: Old Ben: "Windows Network Audit Tool Question"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
