PaulDotCom mailing list archives
Scanning for Installed Security Software
From: bcg at struxural.com (Ben Greenfield)
Date: Sun, 25 Apr 2010 21:38:02 -0400
In my experience very very few organizations are capable of auditing changes on workstation assets in a way that provides real assurance. I think where most organizations completely drop the ball is on having the audit capability per workstation (or per server or per device in many organizations I've worked with). I think the common practice is to stop with the easy task of documenting that a particular asset class ought to and is approved to receive an update, without ever doing the actual verification to achieve the assurance that all workstations received the patch.

In some Military environments I've worked in there is a requirement that in order to maintain network accreditation, daily credentialed patch scans must be run. There is usually a separate and distinct role of Information Assurance Manager whose task is to verify that the appropriate patch levels are being achieved. Just so everyone's clear, if the network loses accreditation, that means that your upstream provider disconnects you.

I think part of what creates the culture where organizations stop before reaching assurance is that they see a cost benefit in not separating the duties of patch application and patch verification. I think there are other, less admirable causes in some cases as well, such as ignorance or negligence. I'm just using patching as an example here; this applies to penetration tests, firewall audits, and other areas. The problem with not having the separation of duties is that it creates a conflict of interest where a very often stressed-out Administrator is the ground-zero for an organization's actual security posture.

On Fri, Apr 23, 2010 at 3:42 PM, Daniel <Daniel at virturity.com> wrote:
When you say configuration management system, are you thinking a fully developed CMDB with integration into Change management systems, proper audit records, etc., or more something like SMS/SCCM where the focus is more on the deployment/reporting? I wonder how many organizations do disciplined configuration management for workstation class assets.

-----Original Message-----
From: pauldotcom-bounces at mail.pauldotcom.com [mailto:pauldotcom-bounces at mail.pauldotcom.com] On Behalf Of Carlos Perez
Sent: 23 April 2010 20:18
To: PaulDotCom Security Weekly Mailing List
Cc: PaulDotCom Security Weekly Mailing List
Subject: Re: [Pauldotcom] Scanning for Installed Security Software

I would see this as a great opportunity to offer the client an asset management system and a configuration management system if your company sells those. I worry a bit when I find clients whose policies lack proper configuration and asset management measures that include all networked devices.

Carlos
Sent from my Mobile Phone

On Apr 23, 2010, at 10:39 AM, Shane Kelly <i0null at nightcoder.org> wrote:

Thanks for all your great suggestions! With regards to machines that sit outside the domain, they will be looked at manually by the client, as these machines should most likely not exist on the network. I've personally not used Nessus to do authenticated scans, so it's good to hear it suggested. I'll have a look at each, but the client in this case will probably be more comfortable with us using Nessus.

Thanks!
Shane

On 23 April 2010 14:40, <daniel at virturity.com> wrote:

I second that; works very well for machines in the domain. Had this set up to check for AV (installed/running/revision of pattern and engine), patching solution and some other bits. You can send a mail if non compliant with your policies to support staff as well. Non domain members are still a problem tho.
Daniel

On Fri, 23 Apr 2010 09:30:29 -0400, Carlos Perez <carlos_perez at darkoperator.com> wrote:

If they are in the domain you can use WMI through PowerShell, wmic, WSH, etc. to automate the process and read the registry keys for installed apps, plus get a list of running processes.

Carlos
Sent from my Mobile Phone

On Apr 23, 2010, at 8:22 AM, Shane Kelly <i0null at googlemail.com> wrote:

Hey Guys,

Does anyone have any experience with doing agentless scanning for installed software in a network? I'm looking for instances where workstations may exist that do not have Safeguard Easy or Anti-virus installed.

Many thanks in advance,
Shane

_______________________________________________
Pauldotcom mailing list
Pauldotcom at mail.pauldotcom.com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
--
Benjamin C. Greenfield, CISSP
bcg [at] struxural.com
Domains and Hosting for Less from Struxural: http://www.struxural.com
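The WMI approach suggested in the quoted thread (reading the installed-application registry keys and the running process list on domain machines) can be sketched as follows. This is an added example, not code from any poster; the host names, display-name patterns and process name are placeholders to adapt.

```powershell
# Added example: agentless software check over WMI (DCOM); run as a domain account
# with local admin rights on the targets. All names below are placeholders.
$ErrorActionPreference = 'Stop'
$Computers = 'WS-001', 'WS-002'                      # constructed host names
$RequiredProducts = [ordered]@{                      # label -> DisplayName wildcard (assumed)
    'Disk encryption' = '*SafeGuard*Easy*'
    'Anti-virus'      = '*Anti*Virus*'
}
$RequiredProcess = 'example-av-service.exe'          # hypothetical AV process name
$HKLM = [uint32]2147483650                           # HKEY_LOCAL_MACHINE (0x80000002)
$UninstallKeys = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
                 'SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall'

function Get-RemoteInstalledName {
    param($Session)
    foreach ($key in $UninstallKeys) {
        $reg = @{ CimSession = $Session; Namespace = 'root/default'; ClassName = 'StdRegProv' }
        $enum = Invoke-CimMethod @reg -MethodName EnumKey `
            -Arguments @{ hDefKey = $HKLM; sSubKeyName = $key }
        foreach ($sub in $enum.sNames) {             # nothing to iterate if the key is absent
            $val = Invoke-CimMethod @reg -MethodName GetStringValue -Arguments @{
                hDefKey = $HKLM; sSubKeyName = "$key\$sub"; sValueName = 'DisplayName' }
            if ($val.sValue) { $val.sValue }
        }
    }
}

$report = foreach ($computer in $Computers) {
    $row = [ordered]@{ Computer = $computer; Reachable = $false }
    foreach ($label in $RequiredProducts.Keys) { $row[$label] = $null }
    $row['AV process running'] = $null
    $row['Error'] = $null
    try {
        $session = New-CimSession -ComputerName $computer `
            -SessionOption (New-CimSessionOption -Protocol Dcom)
        $row['Reachable'] = $true
        $installed = @(Get-RemoteInstalledName -Session $session)
        foreach ($label in $RequiredProducts.Keys) {
            $row[$label] = [bool]($installed -like $RequiredProducts[$label])
        }
        $running = (Get-CimInstance -CimSession $session -ClassName Win32_Process).Name
        $row['AV process running'] = $running -contains $RequiredProcess
        Remove-CimSession $session
    } catch {
        $row['Error'] = $_.Exception.Message         # unreachable, access denied, ...
    }
    New-Object PSObject -Property $row
}
$report | Format-Table -AutoSize
```

Hosts that come back unreachable, including the non-domain machines mentioned in the thread, still need manual follow-up. Having someone other than the deploying administrator run the check gives the separation between patch application and verification described above.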