Security Basics mailing list archives

Re: System Self audit tool


From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 25 May 2011 14:01:30 -0500

"vedantamsekhar () gmail com" <vedantamsekhar () gmail com> writes:
Hi,

I was given a task to search and evaluate a self-audit tool which
allows users to run the tool from a central server. The tool should
verify the user's system for missing/old AV dat files, missing
patches and so on, and also it should provide links to the appropriate
sites for downloading the updates.  Are there any such
tools/solutions available in the market?

Sounds like you're in the market for a client-based or agent-based
vulnerability scanning and patch management in one, but... in a way
that puts the users on the hook for patch installation?  Your task
giver may need to be challenged on their conviction that users will
actually apply patches if prompted to do so.  In my experience, the
vast majority of users simply won't, and will cheerfully click
whatever button gets them to their work fastest. 

Secunia PSI does almost exactly what you've described, but is licensed
(free) for non-commercial use only.  In addition to the obvious
license issue, for a business, it's a non-starter in a corporate
environment because it doesn't centrally report to anything that lets
you know your risk posture.

Secunia's CSI product, however, is their corporate analog to it which
has a central server (on your premises) and a rather crude (IMO) patch
distribution mechanism that tries to piggyback on Windows components
without the value add that the Shavliks or BigFixes of the world have
done to do this right.  However, it does a very nice job of reporting
out of date client software with a supported/tracked software list
that seems a lot more extensive than anyone else I've seen. 

On a side note, your AV's central console is probably the best to use
for the AV dat file issue, though dedicated credentialed vuln scanners
like Tenable Security Center (which leverages Nessus as the vuln
scanner) also have plugins to flag out-of-date AV DATs if you provide
credentials to access the administrative shares on the box.  However,
those are vuln scan only--they won't automate the patching process and
they aren't agent based.  I'm not sure if Secunia will warn about
out-of-date DATs either.

The other flavor of products out there are the agent based solutions
like BigFix (swallowed recently by IBM) and LANDesk.  These are
systems management suites and you can get patch and vulnerability
management pieces to them, which handle the fix and detect problem
respectively ... but you will need to get out your checkbook.  And you
will find that the list of vendors/software they'll detect as out of
date and will patch is not necessarily huge.  They aren't cheap, and
they're most effective if you resign yourself to live in their world.

The sweet spot in ROI from my view is to get a vulnerability scanner
your security people like, and then have the Windows patch folks
leverage Microsoft SCCM with something like Shavlik SCUPdates to
handle the third party patching (Adobe, QuickTime, Java, and all the
web plugins that still too many shops entirely neglect, but are the
source of so many client-side compromises).

Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/
