Security Basics mailing list archives
Re: Compliance Tool
From: Todd Haverkos <infosec () haverkos com>
Date: Fri, 08 Apr 2011 08:54:56 -0500
kartik.netsec () gmail com writes:
> Hi,
>
> We're looking for a security compliance tool (with low Total cost of ownership) to deploy in our network. We shortlisted QualysGuard, but due to some Govt regulations, it could not fit the requirement.
>
> The requirement is to check for OS, database and security patches. In addition to that, the tool should allow us to create the baseline according to our security policies such as
>
> - Default accounts & passwords
> - User/Group rights & permissions
> - Password integrity
> - System security configuration settings
> - Registry settings
> - Antivirus Updates
> - File Attributes
>
> Please help.
>
> Thanks,
> Kartik
If bang for the buck is paramount, you'll have a heck of a time beating Tenable Nessus for $1200/scanner a year. It can check for all these things in credentialed scanning--the rub is that it may not report on that data the way you like or need. If you're willing to do some massaging of output or some API work, you may get where you want to go very inexpensively and accurately.

Who do you use for AV or System Management today? If it's one of the fuller suite players, I'd probably at least entertain a demo of their compliance/configuration/vuln management centric products. They won't be as cheap by any stretch of the imagination, but they may be an ease of management win for you, leveraging existing agents that are deployed with other existing products in your company.

For instance, a McAfee shop might at least look at
http://www.mcafee.com/us/products/risk-and-compliance/index.aspx

A BigFix shop would be interested in their vuln management offering, Symantec has theirs, LANDesk has their own offering, etc.

These roundups might at least let you know who the players are, though I'd never take an SC Magazine review (or any magic quadrant writeups) without a very large grain of salt.

http://www.scmagazineus.com/policy-management/grouptest/215/
http://www.scmagazineus.com/risk-management/grouptest/216/
http://www.scmagazineus.com/vulnerability-assessment/grouptest/240/

Good luck!

--
Todd Haverkos, LPT MsCompE
http://haverkos.com/