Security Basics mailing list archives

RE: System Self audit tool


From: "Mark C. Carollo" <mcarollo () peppm org>
Date: Thu, 26 May 2011 08:42:18 -0400

I would have to second the Shavlik tool.  Although it can be costly, it pays
for itself.  In addition, it now has Vipre AV built in.  Using this AV
product and its policies, you can also keep AV up to date from the same
console.  I would give it a try.  They also have a nice compliance tool.


-----------------------------------------------------
Mark C. Carollo
<mcarollo () peppm org>

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Todd Haverkos
Sent: Wednesday, May 25, 2011 3:02 PM
To: vedantamsekhar () gmail com
Cc: 
Subject: Re: System Self audit tool

"vedantamsekhar () gmail com" <vedantamsekhar () gmail com> writes:
Hi,

I was given a task to search and evaluate a self-audit tool which 
allows users to run the tool from a central server. The tool should 
verify the user's system for missing/old AV dat files, missing patches 
and so on... and also it should provide the links to appropriate sites for 
downloading the updates.  Are there any such tools/solutions available 
in market?

Sounds like you're in the market for a client-based or agent-based
vulnerability scanning and patch management in one, but... in a way that
puts the users on the hook for patch installation?  Your task giver may need
to be challenged on their conviction that users will actually apply patches
if prompted to do so.  In my experience, the vast majority of users simply
won't, and will cheerfully click whatever button gets them to their work
fastest. 

Secunia PSI does almost exactly what you've described, but is licensed
(free) for non-commercial use only.  In addition to the obvious license
issue, for a business, it's a non starter in a corporate environment because
it doesn't centrally report to anything that lets you know your risk
posture.

Secunia's CSI product, however, is their corporate analog to it which has a
central server (on your premises) and a rather crude (IMO) patch
distribution mechanism that tries to piggyback on Windows components without
the value add that the Shavliks or BigFixes of the world have done to do
this right.  However, it does a very nice job of reporting out of date
client software with a supported/tracked software list that seems a lot more
extensive than anyone else I've seen. 

On a side note, your AV's central console is probably the best to use for
the AV dat file issue, though dedicated credentialed vuln scanners like
Tenable Security Center (which leverages Nessus as the vuln
scanner) also have plugins to flag out of date AV DAT's if you provide
credentials to access the administrative shares on the box.  However, those
are vuln scan only--they won't automate the patching process and they aren't
agent based.  I'm not sure if Secunia will warn about out of date DAT's
either. 

The other flavor of products out there are the agent based solutions like
BigFix (swallowed recently by IBM) and LANDesk.  These are systems
management suites and you can get patch and vulnerability management pieces
to them, which handle the fix and detect problem respectively ... but you
will need to get out your checkbook.  And you will find that the list of
vendors/software they'll detect as out of date and will patch is not
necessarily huge.  They aren't cheap, and they're most effective if you
resign yourself to live in their world.

The sweet spot in ROI from my view is to get a vulnerability scanner your
security people like, and then have the Windows patch folks leverage
Microsoft SCCM with something like Shavlik SCUPdates to handle the third
party patching (Adobe, Quicktime, Java, and all the web plugins that still
too many shops entirely neglect, but are the source of so many
client-side compromises).  

Best Regards,
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate In this guide we
examine the importance of Apache-SSL and who needs an SSL certificate.  We
look at how SSL works, how it benefits your company and how your customers
can tell if a site is secure. You will find out how to test, purchase,
install and use a thawte Digital Certificate on your Apache web server.
Throughout, best practices for set-up are highlighted to help you ensure
efficient ongoing management of your encryption keys and digital
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------


