CT_395_Project - ITSEC


Security Audit Tools Project
CT 395 IT Security I
Professor Igbeare
Summer Quarter 2009
August 25, 2009
CT 395 Team B
Ann Curran
Steven Hoy
Amy Bridges
Jeffrey Broomall
Jeanne Goss
Jesse Holt
Retina Network Security Scanner Tool
http://www.eEye.com/html/products/retina/download.htm?id=090707.094545.562845
Retina Network Security Scanner Tool
* designed to run on Windows 2000, XP or 2003 systems
* also has the capability of auditing non-Windows devices such as
UNIX, Linux, Cisco and other devices
* identifies and prioritizes vulnerabilities it finds on a system
* provides best practice information in regards to auditing, policy
practices, and operating system security
* to start a vulnerability scan, a target IP address, filename, job,
audit selections, port selections, options, and credentials
that have administrative rights must be provided
Retina Network Security Scanner Tool
Reporting Options Available
The Reports menu offers 4 different reports
* the Executive option (shown below) lists the quantity of vulnerabilities
in the order of High, Medium, Low, and Informational, generally a good
scan for management to use as an indication on how secure a system is
without too much technical information
Retina Network Security Scanner Tool
Reporting Options Available (cont’d)
The Remediate menu offers 1 detailed remediation report
more technical information is displayed to assist a security administrator
Microsoft Baseline Security Analyzer
http://technet.microsoft.com/en-us/security/cc184923.aspx#ETB
Microsoft Baseline Security Analyzer
* designed for small to medium business
* useful for standalone computers and home networks
* scans computer(s) for misconfigurations, missing patches and
updates, and other administrative vulnerabilities
* uses Windows Update Advisor and Windows Server Update Service
to create a checklist
* a synced security and update tool that keeps your Windows
environment on the cutting edge and one step ahead of
malicious programs and their creators
* works for key components of the Microsoft Windows environment,
including Microsoft Office, Internet Explorer, and Microsoft
Outlook
* compatible with Windows operating systems, as far back as
Windows 2000 Server
* easily attainable, very user friendly
Microsoft Baseline Security Analyzer
* the IP address of the computer to be scanned must be entered
* choose the desired parameters for the scan
• Windows administrative vulnerabilities
• weak passwords
• IIS administrative vulnerabilities
• SQL administrative vulnerabilities
* simple and effective program
* user-friendly and functions like other Windows applications
* should be used with an effective security strategy that involves both hardware
and software
AVG Antivirus Program
http://www.avg.com/download-trial
* antivirus software solution
* extremely efficient in detecting infected files
* scanning engine uses three methods of virus detection
* works with Windows 2000, Windows XP, Windows XP Pro x64
Edition, Windows Vista, and Windows Vista x64 Edition
* features of AVG
Anti-virus
Email Scanner
Anti-Spyware
Anti-Rootkit
Link Scanner
Web Shield
Resident Shield
Update Manager
License
Sunbelt Network Security Inspector
http://dw.com.com/redir?edId=3&siteId=4&oId=3000-2651_410290146&ontId=2651_4&spi=9a20b741ab1774d4fa5a8badda56ff73&lop=link&ltype=dl_dlnow&pid=10555004&mfgId=106327&merId=106327&pguid=3uSGjgoPjF4AACZLsbIAAAAM&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-2651_410290146.html%3Fspi%3D9a20b741ab1774d4fa5a8badda56ff73
* an enterprise tool designed to work with
large domains
* looks at the domain specified on the local
machine that is running SNSI
Sunbelt Network Security Inspector
Scan Results - a list of all identified vulnerabilities will be displayed, sorted by
risk level to bring the most important vulnerabilities to the attention of the user
Project Summary
• all tools evaluated proved beneficial for protecting networks and
computers
• beneficial and user friendly for network security professionals, as
well as general computer users
• an arsenal of security tools is necessary for complete protection
• one product does not do it all
• favorite security tool evaluated
• AVG antivirus program
• installing an anti-virus program and keeping definition files up-to-date is extremely important in keeping computers and
networks secure from the myriad of vulnerabilities that exist
• functional anti-virus product that can be obtained free
Future Implications
Security Audit Tools
• allow more efficient IT personnel
• proactive in monitoring and defending their networks
• instead of repairing down networks from intentional hackers
and/or uneducated users
• required to protect networks
• insurgence of malware, viruses, and intruding hackers
• an arsenal of security products is necessary to protect networks
End Notes
AVG Antivirus and Security Software. (2009). Retrieved August 2009, from Download AVG Trial Version
for Free: http://www.avg.com/download-trial
Linkedin. (2009). Retrieved August 2009, from eEye Digital Security:
http://www.linkedin.com/companies/eeye-digital-security
Microsoft Discussion Groups. (2009). Retrieved August 8, 2009, from Discussions in Security Baseline
Analyzer: http://www.microsoft.com/communities/newsgroups/en-us/default.aspx?dg=microsoft.public.security.baseline_analyzer
Microsoft Technet. (2008, May 5). Retrieved August 8, 2009, from Microsoft Baseline Security Analyzer
2.1: http://technet.microsoft.com/en-us/security/cc184923.aspx#ETB
Microsoft Technet. (2009). Retrieved August 2009, from Microsoft Baseline Security Analyzer - Legacy
Product Support: http://technet.microsoft.com/en-us/security/cc184924.aspx
Sunbelt Network Security Inspector. (2009, August). Retrieved August 2009, from SC Magazine:
http://www.scmagazineus.com/Sunbelt-Network-Security-Inspector/Review/354/
Sunbelt Network Security Inspector. (2009, August). Retrieved August 2009, from CNET download.com:
http://dw.com.com/redir?edId=3&siteId=4&oId=3000-2651_410290146&ontId=2651_4&spi=9a20b741ab1774d4fa5a8badda56ff73&lop=link&ltype=dl_dlnow&pid=10555004&mfgId=106327&merId=106327&pguid=3uSGjgoPjF4AACZLsbIAAAAM&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-