Scanning for Intalled Security Software

[Daniel at virturity.com (Daniel)]

When you say configuration management system, are you thinking a fully
developed CMDB with integration into Change management systems, proper audit
records, etc or more something like SMS/SCCM where the focus is more on the
deployment/reporting? I wonder how many organizations do disciplined
configuration management for workstation class assets.

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com
[mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Carlos Perez
Sent: 23 April 2010 20:18
To: PaulDotCom Security Weekly Mailing List
Cc: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Scanning for Intalled Security Software

I would see this as a great oportunity to offer the client and asset  
management system and a configuration management system if your  
company sell those. I worry a bit when I find clients who's policies  
lack proper configuration and asset managements measures that include  
all networked devices

Carlos

Sent from my Mobile Phone

On Apr 23, 2010, at 10:39 AM, Shane Kelly <i0null at nightcoder.org> wrote:

> Thanks for all your great suggestions!
>
> With regards to machines that sit outside the domain they will be
> looked at manually by the client, as these machines should most likely
> not exist on the network.
>
> I've personally not used the Nessus to do authenticated scans, so it's
> good to hear it suggested. I'll have a look at each, but the client in
> this case probably be more confertable using with us using Nessus.
>
> Thanks!
> Shane
>
> On 23 April 2010 14:40,  <daniel at virturity.com> wrote:
> > I second that; works very well for machines in the domain. Had this  
> > set up
> > to check for AV (installed/running/revision of pattern and engine),
> > patching solution and some other bits. You can send a mail if non  
> > compliant
> > with your policies to support staff as well. Non domain members are  
> > still a
> > problem tho.
> >
> > Daniel
> >
> > On Fri, 23 Apr 2010 09:30:29 -0400, Carlos Perez
> > <carlos_perez at darkoperator.com> wrote:
> > > Of they are In the domain you can use wmi thru powershell, wmic,
> > > wsh..etc to automate the process and read the registry keys for
> > > install apps plus get a list of running procceses
> > >
> > > Carlos
> > >
> > > Sent from my Mobile Phone
> > >
> > > On Apr 23, 2010, at 8:22 AM, Shane Kelly <i0null at googlemail.com>  
> > > wrote:
> > >
> > > > Hey Guys,
> > > >
> > > > Does anyone have any experiance with doing agentless scanning for
> > > > installed software in a network?
> > > > I'm looking for instances where workstations may exist that do not
> > > > have Safeguard Easy or Anti-virus Installed.
> > > >
> > > >
> > > > Many thanks in advance,
> > > > Shane
> > > > _______________________________________________
> > > > Pauldotcom mailing list
> > > > Pauldotcom at mail.pauldotcom.com
> > > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > > Main Web Site: http://pauldotcom.com
> > > _______________________________________________
> > > Pauldotcom mailing list
> > > Pauldotcom at mail.pauldotcom.com
> > > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > > Main Web Site: http://pauldotcom.com
> > _______________________________________________
> > Pauldotcom mailing list
> > Pauldotcom at mail.pauldotcom.com
> > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> > Main Web Site: http://pauldotcom.com
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom at mail.pauldotcom.com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com
_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com