Security Basics mailing list archives
Re: System Self audit tool
From: Todd Haverkos <infosec () haverkos com>
Date: Wed, 25 May 2011 14:01:30 -0500
"vedantamsekhar () gmail com" <vedantamsekhar () gmail com> writes:
Hi, I was given a task to search and evaluate a self-audit tool which allows users to run the tool from a central server. The tool should verify the users system for missing/old AV dat files, missing patches and so on..and also it should provide the links appropriate sites for downloading the updates. Are there any such tools/solutions available in market?
Sounds like you're in the market for a client-based or agent-based vulnerability scanning and patch management in one, but... in a way that puts the users on the hook for patch installation? Your task giver may need to be challenged on their conviction that users will actually apply patches if prompted to do so. In my experience, the vast majority of users simply won't, and will cheerfully click whatever button gets them to their work fastest. Secunia PSI does almost exactly what you've described, but is licensed (free) for non-commercial use only. In addition to the obvious license issue, for a business, it's a non starter in a corporate environment because it doesn't centrally report to anything that lets you know your risk posture. Secunia's CSI product, however, is their corporate analog to it which has a central server (on your premises) and a rather crude (IMO) patch distribution mechanism that tries to piggyback on windows components without the value add that the Shavlik's of BigFixes of the world have done to do this right. However, it does a very nice job of reporting out of date client software with a supported/tracked software list that seems a lot more extensive than anyone else I've seen. On a side note, your AV's central console is probably the best to use for the AV dat file issue, though dedicated credentialed vuln scanners like Tenable Security Center (which leverages Nessus as the vuln scanner) also have plugins to flag out of date AV DAT's if you provide credentials to access the administrative shares on the box. However, those are vuln scan only--they won't automate the patching process and they aren't agent based. I'm not sure if Secunia will warn about out of date DAT's either. The other flavor of products out there are the agent based solutions like BigFix (swallowed recently by IBM) and LANDesk. These are systems management suites and you can get patch and vulnerability management pieces to them, which handle the fix and detect problem respectively ... but you will need to get out your checkbook. And you will find that the list of vendors/software they'll detect as out of date and will patch is not necessarily huge. They aren't cheap, and they're most effective if you resign yourself to live in their world. The sweet spot in ROI from my view is to get a vulnerability scanner your security people like, and then have the windows patch folks leverage Microsoft SCCM with something like Shavlik SCUPdates to handle the third party patching (Adobe, Quicktime, Java, and all the web plugins that still too many shops entirely neglect, but are the source of so much of client-side compromises). Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- System Self audit tool vedantamsekhar () gmail com (May 25)
- Re: System Self audit tool Ansgar Wiechers (May 25)
- Re: System Self audit tool Mostafa Ibrahim (May 25)
- Re: System Self audit tool Vijay Rayapati (May 25)
- RE: System Self audit tool Mikhail A. Utin (May 31)
- Re: System Self audit tool Mostafa Ibrahim (May 25)
- Re: System Self audit tool Saif El Sherei (May 25)
- Re: System Self audit tool Mostafa Ibrahim (May 25)
- Re: System Self audit tool Saif El Sherei (May 25)
- RE: System Self audit tool Youngquist, Jason R. (May 25)
- Re: System Self audit tool Todd Haverkos (May 25)
- Re: System Self audit tool gold flake (May 26)
- RE: System Self audit tool Andrew Dorr (May 26)
- RE: System Self audit tool Mark C. Carollo (May 26)
- RE: System Self audit tool Mikhail A. Utin (May 31)
- Re: System Self audit tool gold flake (May 26)