Category: System Security Management » Windows NT

WinObj
Added 2001-10-22
by Mark Russinovich and Bryce Cogswell, mark@sysinternals.com, cogswell@winternals.com
WinObj is a must-have tool if you are a system administrator concerned about security, a developer tracking down object-related problems, or just curious about the Object Manager namespace. WinObj is a 32-bit Windows NT program that uses the native Windows NT API (provided by NTDLL.DLL) to access and display information on the NT Object Manager's namespace. WinObj may seem similar to the Microsoft SDK's program of the same name, but the SDK version suffers from numerous significant bugs that prevent it from displaying accurate information (e.g. its handle and reference counting information are totally broken). In addition, our WinObj understands many more object types. Finally, Version 2.0 of our WinObj has user-interface enhancements, knows how to open device objects, and will let you view and change object security information using native NT security editors.

PsList
Added 2001-10-22
by Mark Russinovich
Most UNIX operating systems ship with a command-line tool called "ps" (or something equivalent) that administrators use to view detailed information about process CPU and memory usage. Windows NT/2K comes with no such tool natively, but you can obtain similar tools with the Windows NT Workstation or Server Resource Kits. The tools in the Resource Kits, pstat and pmon, show you different types of information, and will only display data regarding the processes on the system on which you run the tools.

PsKill
Added 2001-10-22
by Mark Russinovich
Windows NT/2000 does not come with a command-line 'kill' utility. You can get one in the Windows NT or Win2K Resource Kit, but the kit's utility can only terminate processes on the local computer. PsKill is a kill utility that not only does what the Resource Kit's version does, but can also kill processes on remote systems. You don't even have to install a client on the target computer to use PsKill to terminate a remote process.

ELogList
Added 2001-10-22
by Mark Russinovich, mark@sysinternals.com
Windows NT: The Resource Kit comes with a utility, elogdump, that lets you dump the contents of an Event Log on the local or a remote computer. ELogList is a clone of elogdump except that ELogList lets you log in to remote systems in situations where your current set of security credentials would not permit access to the Event Log.

vf.exe - anti-worm tool
Added 2001-10-22
by Cerberus Security Team.
Viruses like the recent Love Letter "worm" and the rash of variants rely on the user opening the file to propagate. These relied on the association in the Windows registry of files with the .vbs extension with wscript.exe, the script interpreter. This tool goes through the registry and removes application / file extension associations for VBS, VBE, WSF, WSH, JS and JSE, so any viruses or worms that rely on these associations will fail. These are all "dangerous" mappings and, to be perfectly frank, most computer users never use the functionality provided by these. Visual C++ source code available at the home page.

remvbs.kix
Added 2001-10-22
by rpuckett@cisco.com
Replaces the command interpreter values for the jsefile, jsfile, vbefile, vbsfile, wsffile and wshfile types under HKCR with the one from txtfile (NOTEPAD). In this way the file extensions are opened in NOTEPAD and not with the WSCRIPT or CSCRIPT .EXEs. The script also creates a .INI that stores the previous values before overwriting them (for restore purposes). This is a useful preventative measure to keep "worms" of the ILOVEYOU type from propagating. Requires the kix32 scripting program (www.Kix32.com).

Hotfix Checking Tool
Added 2001-10-22
by Microsoft
The HFCheck tool allows IIS 5.0 administrators to ensure that their servers are up to date on all security patches. The tool can be run continuously or periodically, against the local machine or a remote one, using either a database on the Microsoft web site or a locally-hosted copy. When the tool finds a patch that hasn't been installed, it can display a dialogue or write a warning to the event log.

ForixNT
Added 2001-10-22
by Forix Business Solutions, Inc.
ForixNT is an NT vulnerability scanner...and so much more! ForixNT is a flexible, extensible toolkit that NT administrators can use to automate policy-based security management in a way that fits their infrastructure. Rather than spending $1000's for a commercial product, NT administrators can use ForixNT to collect configuration information from NT systems across the enterprise. For example, ForixNT collects:
- Host information (Service Pack, HotFixes, modems, trusted domains, etc)
- Services (state, account each service runs under, etc)
- Registry key values
- "Trojan Keys" (see my article, "What you really need to know about network backdoor "trojan" programs" on NT)
- Audit settings (what events are being audited...if any)
- EventLog settings (via the Registry)
- File Permissions (checks for NTFS file system first...even remotely)
- Registry Permissions
- Domain Account Policy

WinZapper
Added 2001-10-22
by Arne Vidstrom, arne.vidstrom@ntsecurity.nu
Edit the security event log in Windows NT 4.0 and Windows 2000! WinZapper is the first tool (as far as we know) that will let you remove lines in the security log without clearing the whole log. And it will let you do this while Windows is running.

BrowseList
Added 2001-10-22
by Arne Vidstrom
Retrieves an extended browse list either from your own Windows system or from a remote system.

Copyright 2010, SecurityFocus