Audit Tools That Won t Break the Bank

Transcription

1 Audit Tools That Won t Break the Bank 2011 Date or subtitle Presented by: Mark Scholl, Partner 1 Background These tools do not require a strong technical background! Do not scan or install tools without authorization!!! May be a violation of your acceptable use policy Can disrupt applications and services running on your network Intrusion detection system Tools run on Microsoft systems 2 Copyright Wipfli LLP 1

2 Presentation Objectives Discuss and demonstrate tools that can: Verify V security settings Enumerate system information Identify vulnerabilities due to weak security settings and missing security updates Remediate R t vulnerabilities Monitor your information systems 3 Tools Microsoft Security Baseline Analyzer AutoRuns PSInfo SNScan DumpSec GFI Languard 4 Copyright Wipfli LLP 2

3 Microsoft Baseline Security Analyzer (MBSA) Scans Microsoft hosts only Does not apply updates or fix security holes only identifies them Also identifies updates for SQL, Exchange,.NET, and Office Scans remote Microsoft computers Requires XML updates to account for new security updates 5 Microsoft Baseline Security Analyzer (MBSA) Critical Security Update and Service Pack Status Windows 2003, 2008, XP, Vista, and Windows 7 Internet Information Server (IIS) SQL Server Exchange Server Office 2003, XP, 2007, 2010 (local scan only) 6 Copyright Wipfli LLP 3

4 Microsoft Baseline Security Analyzer (MBSA) Missing security updates Account A t vulnerabilities Weak security settings File system vulnerabilities 7 Microsoft Baseline Security Analyzer (MBSA) Demonstration 8 Copyright Wipfli LLP 4

5 Autoruns for Windows Part of the Windows Sysinternals suite of tools Shows what programs are configured to autostart during system boot and login You can download the program or run live from the website Great for identifying registry entries that automatically start malicious code Warning: You can modify registry settings using this tool 9 Autoruns 10 Copyright Wipfli LLP 5

6 PSInfo Part of the Windows Sysinternals PSTools suite com/en Provides a report with basic documentation of the system Microsoft systems only Can be run against the local machine or against remote systems Must be run from the command line >psinfo /? For help 11 PSInfo 12 Copyright Wipfli LLP 6

7 SNScan Part of the free downloads available at the McAfee Foundstone website Scans for devices using default SNMP settings Simple Network Management Protocol is often installed by default on many network devices many times this protocol can simply be disabled 13 SNScan 14 Copyright Wipfli LLP 7

8 DumpSec Audit A Tool for Reporting on: User accounts Password requirements Group membership File share permissions 15 DumpSec 16 Copyright Wipfli LLP 8

9 GFI Languard 1-year license starts at $ Day free trial Performs credential vulnerability scanning Inventories your computers hardware, applications, and system information Can remediate vulnerabilities by installing patches Microsoft, Adobe, Java, etc. Generates audit reports 17 GFI Languard 18 Copyright Wipfli LLP 9

10 Other Audit Tools Spiceworks Nmap/Znmap GFI EventsManager Nessus Backtrack 5 Other Tools??? 19 Contact Information Mark Scholl, Partner mscholl@wipfli.com Certified Ethical Hacker (CEH) Certified Information Systems Auditor (CISA) Certified Information Systems Security Professional (CISSP) Microsoft Certified Systems Engineer (MCSE) Copyright Wipfli LLP 10

11 21 Copyright Wipfli LLP 11