RE: Windows Network Audit Tool Question

You might want to consider running Microsoft's Baseline Security Analyzer (MSBA) -
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/ tools/Tools/MBSAhome.asp

or GFI's Languard Network Scanner (http://www.gfi.com/lannetscan/index.htm).

Both are open source/freeware and run under Windows (MSBA requires Windows 2000 Professional and Administrator rights over the machines being scanned, Languard runs under 9x/NT/2000 and you do not need Administrator rights over the machines being scanned). The commercial version of Languard is $99 and allows a Network Administrator to push/distribute security patches remotely.

FYI...version 3.1 of Languard (beta) advertises that it will allow Network Administrators remotely push service packs (in addition to security patches).

Rafael Rosado
IT Security Manager
Caribbean and Latin America Region (CALA) Lucent Technologies O
Corporate Security
Business Assurance and Risk Mitigation Services (B.A.R.M.S.) 2400 SW 145th Avenue - Room 3S039
Miramar, Florida 33027
+1 954-885-2176 (voice) *
+1 954-885-3861 (fax) *
+1 954-648-3532 (mobile) or 9546483532@mobile.att.net (text message) *
rarosado@lucent.com (email) *

This electronic mail message contains information belonging to Lucent Technologies, which may be confidential and/or legal privileged. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, printing, copying, distribution, or the taking of any action in reliance on the contents of this electronically mailed information is strictly prohibited. If you receive this message in error, please immediately notify us by electronic mail and delete this message.

-----Original Message-----
From: Havens, Ben [mailto:benh@bf.umich.edu] Sent: Monday, December 30, 2002 12:59 AM To: security-basics@securityfocus.com
Subject: RE: Windows Network Audit Tool Question

Nessus (nessus.org) has a plugin for checking service pack level. Don't see one for querying installed hotfixes, but you might be able to rework this one to return those hotfix regkeys/values. That appears to be all that Winfingerprint does.

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

IMHO, this is not a very reliable method. Something like Hfnetchk (shavlik.com) which also verifies file versions and checksums would give you a better idea of whether installed hotfixes are still intact.

-Ben

-----Original Message-----
From: Old Ben [mailto:obwan51@fastmail.fm] Sent: Friday, December 27, 2002 1:21 PM
To: security-basics@securityfocus.com
Subject: Windows Network Audit Tool Question

Greetings,

As an admin of a Windows Domain I am looking for a tool that will provide the same type of information (especially the service pack/patch level) that I can get from Winfingerprint http://winfingerprint.sourceforge.net/ but that will run from a shell on Linux. I suspect that it is possible to do this with the Samba client software but can't find any information on it. Can anyone provide me a starting point or a link to an (open source) tool that provides this functionallity? Thanks.

-fb

-- 
  Old Ben
  obwan51@fastmail.fm