Audit Your Security with These Tools
Novell Cool Solutions: Trench
By David Dean
Digg This -
Posted: 29 Jan 2002
Jump to reader feedback by clicking here.
We've fielded a few requests of late for info on tools that help system administrators audit their security. Here's a sample of what we're being asked:
"I am just looking for something I can run once in a while that tells of basic weaknesses, like no passwords, not expiring passwords, user has admin equivalence, excessive file rights, and similar basic problems."
So, with question in hand, we went to our Advisory Board for some guidance.
Board member David Dean pointed us in the right direction. According to David, well written searches in NWadmin and/or Nlist can do most of what is being asked for in the question. But, if it's a tool you're looking for, here's a list of products that do it all:
(If you know of a tool that can help audit security, let us know, we'll add it to the list.)
Computer Associates AuditWare for NDS
AuditWare for NDS is a Windows-based advanced NDS reporting and security analysis tool. Using the reporting capabilities of AuditWare for NDS, network managers can generate comparison, analysis, security, and documentation reports quickly, easily... and safely. Additionally, AuditWare for NDS comes with several first-to-market capabilities required for any NDS site, such as The Enforcer -- object comparisons, The Assistant -- a compilation of security white papers and tips, and The Object Rights Expert -- easy ACL analysis. AuditWare for NDS was built from the ground up as an advanced NDS reporting tool.
Visual Click DSRAZOR
DSRAZOR can automatically generate the following reports:
- File System
- Latest NetWare Service Pack Installed
- Explicit File System Trustee Assignments
- Effective File System Trustee Assignments
- File Server Security SET parameters
- Volume Usage
- File Server Hardware Details
- Enterprise Directories with Inheritance Filters
- Unused Files
- NDS and eDirectory
- Objects with Supervisory Trustees
- Where is Account a Trustee
- Objects with an Inherited Rights Filter (IRF) defined
- Unused Accounts
- Password and other Security Settings
- Groups with no members
- Containers with no objects
- Duplicate Accounts
Intrusion Inc SecurityAnalyst
Intrusion SecurityAnalyst software is an agentless assessment tool that doesn't require the installation of software agents on target systems. It's designed to provide centralized audit data of all key Windows security features. With its built-in policy definition and comprehensive reporting capabilities, SecurityAnalyst can help administrators analyze network risks so they can take immediate corrective action to safeguard network integrity.
Symantec Enterprise Security Manager
This product automates the discovery of security vulnerabilities and deviations of the security policy in mission critical e-Business applications and servers across the enterprise from a single location. It provides enterprise-class tools that allow administrators to create security baselines for every system on the network and measure performance against those baselines to ensure that devices are properly configured and being used in accordance with policies. With its tools, administrators can quickly and cost effectively create and manage online security policies and user-defined security domains, identify systems that are not in compliance, and correct faulty security settings on systems at any location to bring them back into compliance.
Here's a couple you missed, and some additional points.
Check out www.bluelance.com for LTAuditor+ and don't forget BINDView's EMS at www.bindview.com. RSA Security (http://www.rsasecurity.com/) also has some products that integrate nicely with Novell solutions.
There is even a Novell product you guys forgot! NAAS, Novell Advanced Auditing Server. (Part of NetWare 6).
A point you need to clarify is that there are two kinds of auditing. 1) Where you run a report against an existing configuration to examin it for weaknesses. 2) Where you monitor the system and log (usually the definition of an audit or audit trail) all changes to a central location.
For me, running a report is not that useful. But I need to keep track of who makes changes to DS. Whereas for others, they may not care about who makes the changes, just that there are no security holes.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com