Re: Operating Systems Audit Tools

Wed, 26 Mar 2003 21:23:38 -0800

Title: Operating Systems Audit Tools
Hi,
 
Excuse the self-plug, but we at Network Intelligence India Pvt. Ltd. have exactly the set of tools that you require. I am giving below a brief description of these tools. All the tools are host-based security auditing tools. They are very different from vulnerability assessment tools such as Nessus. These have been written from an auditor's perspective and produce HTML reports using the matrix of
1. Controls Audited
2. Vulnerabilites Discovered
3. Risk level associated with each vulnerability
4. Countermeasures.
 
The tools are:
1. AuditPro for Windows
This can be controled remotely and you only need to drop a 200kb exe on each host. We provide you with an Audit Control Console, from where you can audit all the Windows 2k/NT machines in your network from a single client PC.
 
2. AuditPro for Unix
This one is under revision and a copy will be available by April-end 2003. It works on AIX, Linux and Sun Solaris. It also uses a client-server architecture in which the host can be audited remotely as long as a client-side executable is dropped.
 
3. AuditPro for Oracle
This is a very unique auditing tool, in that it not only carries out a full-scale audit, but it also captures a snapshot of the data and saves it. Next time you carry out an audit, you can compare snapshots and evaluate compliance.
 
4. AuditPro for SQL Server
This tool will be out next week. It is the most comprehensive database auditing tool so far. It not only carries out the checks of configuration parameters, users, roles, privileges, etc. But it also audits for vulnerabilities, weak passwords, and it works with Named Instances. Also, it captures a baseline in much the same way as AuditPro for Oracle, and helps you evaluate compliance from one audit to the next.
 
You may contact me offline for further information on these.
 
Thanks and regards,
K. K. Mookhey
CTO,
Network Intelligence India Pvt. Ltd.
Web: www.nii.co.in
=================================
Security Auditing Handbooks
http://www.nii.co.in/research/handbook.html
=================================
----- Original Message -----
Sent: Wednesday, March 26, 2003 10:57 PM
Subject: Operating Systems Audit Tools

All,

Does anyone have any recommendations for tool(s) that can be used to audit an operating system (Unix, NT/2k, Linux, AIX, etc.).  I have a collection of tools that I would use to audit a system with, but I'm looking for something that is more comprehensive, a suite of that has been integrated into one package.

I'm not looking for a package that does all systems and platforms, but something that would work platform specific.  I have checklists for configuration, security settings, file and directory permissions, vulnerability scanning, patch/service pak's (on and on and on).  I would like to evaluate a solution that could be used that make the process more efficient and would allow me to audit a larger sample size of systems making better use of time and resources.

Thanks,


Val Moutsopoulos
Investors Bank & Trust
e-mail: [EMAIL PROTECTED]




**************************************************************************
This message and any attached documents contain information
which may be confidential, subject to privilege or exempt from
disclosure under applicable law. These materials are solely for
the use of the intended recipient. If you are not the intended
recipient of this transmission, you are hereby notified that any
distribution, disclosure, printing, copying, storage, modification
or the taking of any action in reliance upon this transmission is
strictly prohibited. Delivery of this message to any person other
than the intended recipient shall not compromise or waive
such confidentiality, privilege or exemption from disclosure as
to this communication.

If you have received this communication in error, please notify
the sender immediately and delete this message from your system.
*****************************************************************************

Reply via email to