|
(Page 4 of 8) < Prev 1 2 3 4 5 6 7 8 Next > Category: System Security Management » Windows NT BlackList Scanner Added 2001-10-22 The advantages of automated blacklist scanning include: -New lists can be incorporated immediately -Many NT servers can force a scan for the attaching system at logon -extraordinary flexibility, e.g. either scan all drives or just C: at the drop of a had (or editing a batch file). -Very high speed Very compact for wide distribution -Component testability, not just a magic package that may work and often fails. -Extensibility into other areas/applets with River Techniques (tm) athena-2k.pl Added 2001-10-22 This tool is a ~600 line PERL script that utilizes the Net::SNMP module. It's purpose is to retrieve A LOT of information out of a remote Windows 2000 machine running the SNMP Service with a known community string. I may or may not get around to making it work alright with Windows NT 4, currently it does not. It queries/walks a predefined set of SNMP OIDs, and displays the return values in a nice, formatted ASCII output. I find it to be quite speedy. It's a snapshot of my work so far, most of it being sheer research (trying to find exciting, new OIDs, and THEN finding out what exactly, they're returning that can be useful ;-) ) I think many people will be suprised at the amount of information the SNMP Service shares with the world on a misconfigured (read: default) setup. Among the items one can retrieve from such a server is: - Server Name & Primary Domain/Workgroup - OS version, CPU type (& if it's Multiprocessor or not) - SNMP Contact & Location information (If defined) - System uptime - System date/time - List of all user accounts - Total RAM - Storage devices, volume label, device type, & partition type - Running processes & process id's - Installed applications & the date they were each installed - List of services - List of network interfaces (Description, HW Address, Int Speed, IP address, netmask, Bytes In/Out, Status) - List of all share names, file system location, & comments - Routing table - TCP connections & listening ports - UDP listening ports WPTerm Added 2001-10-22 WPTerm is a simple console-driven program that allows a user to list processes and terminate a process, no questions asked. It was designed as a replacement for the Windows 2000 Task Manager, as the Windows 2000 Task Manager has a design error in it that disallows a process to end if it has the same name as a critical OS file. This allows for malicious programs to run without easily having them shut down. (See bugtraq ID 3033) WPTerm fixes this problem. SecureIIS Added 2001-10-22 SecureIIS is an application firewall for Microsoft Internet Information Services. It stops known and unknown vulnerabilities within IIS. Code Red II Removal Utility Added 2001-10-22 Code Red II Detection and Removal Utility for IIS 5.0. Code Red II Cleaner Added 2001-10-22 Microsoft has developed a tool that eliminates the obvious damage that is caused by the Code Red II worm. Before running it, ensure that you have read the cautions discussed in the "More Information" page. Hotfix Checking Tool Added 2001-10-22 The HFCheck tool allows IIS 5.0 administrators to ensure that their servers are up to date on all security patches. The tool can be run continuously or periodically, against the local machine or a remote one, using either a database on the Microsoft web site or a locally-hosted copy. When the tool finds a patch that hasn't been installed, it can display or dialogue or write a warning to the event log. ForixNT Added 2001-10-22 ForixNT is an NT vulnerability scanner...and so much more! ForixNT is a flexible, extensible toolkit that NT administrators can use to automate policy-based security management in a way that fits their infrastructure. Rather than spending $1000's for a commercial product, NT administrators can use ForixNT to collect configuration information from NT systems across the enterprise. For example, ForixNT collects: Host information (Service Pack, HotFixes, modems, trusted domains, etc) Services (state, account each service runs under, etc) Registry key values "Trojan Keys" (see my article, "What you really need to know about network backdoor "trojan" programs"on NT) Audit settings (what events are being audited...if any) EventLog settings (via the Registry) File Permissions (checks for NTFS file system first...even remotely) Registry Permissions Domain Account Policy WinZapper Added 2001-10-22 Edit the security event log in Windows NT 4.0 and Windows 2000! WinZapper is the first tool (as far as we know) that will let you remove lines in the security log without clearing the whole log. And it will let you do this while Windows is running. BrowseList Added 2001-10-22 Retrieves an extended browse list either from your own Windows system or from a remote system. Browse by category |
|
|
Privacy Statement |
