Use of spquery and stat at fnal
Advertisement
This presentation is the property of its rightful owner.
1 / 31

Use of SPQuery and STAT At FNAL PowerPoint PPT Presentation

Use of SPQuery and STAT At FNAL. HEPNT/HEPIX Sept, 1999. SPQuery. SPQuery is a useful tool for: Reporting Service pack and hotfix information for an entire domain or a select group of machines.

Download Presentation

Use of SPQuery and STAT At FNAL

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Use of spquery and stat at fnal

Use of SPQuery and STAT At FNAL

HEPNT/HEPIX Sept, 1999


Spquery

SPQuery

  • SPQuery is a useful tool for:

  • Reporting Service pack and hotfix information for an entire domain or a select group of machines.

  • Downloading of hotfixes from Internet for NT, IIS, Exchange, SQL and Site Server to a central repository

  • Applying Workstation/Server hotfixes to remote machines


Query systems

Query Systems

  • Ability to check single machine, entire domains, or use machine list files.

  • Information on date Service Pack and hotfixes were applied

  • Information on available hotfixes for applied service pack


Systems information

Systems Information


Importing machine lists

Importing Machine Lists


Hotfix info

Hotfix Info

  • Get information on files replaced or added by the hotfix

  • Query Internet for newest hotfix information

  • View Knowledge Base Article


Affected files

Affected Files


Knowledge base information

Knowledge Base Information


Applying fixes

Applying Fixes

Three Basic Steps

  • Download hot fixes to a local repository

    • Multiple downloads possible.

  • Install

    • Must have admin rights to install to remote system

    • Schedules hotfix to be applied at next login. User must have local admin

    • Hotfix files and an ‘agent’ copied to remote system and run on next login.

    • Pop up box during login gives user choice to apply patch or not.

      • Only visible for 20 seconds

    • Only supports singular patch application

  • Reboot

    NOTE: User has the ability to decide if patch is applied!


Downloading fix

Downloading Fix


Fix scheduled

Fix Scheduled


User login

User Login


Hotfix applied

Hotfix Applied


Profile creation

Profile Creation

  • Offers the ability to create service pack/hotfix profiles.

  • Test your NT machine(s) against these profiles to determine if they pass or fail.

  • We have Profiles for SP4 and SP5 with appropriate security hotfixes.


Profiles

Profiles


Reporting

Reporting

  • Print reports (very detailed)

  • Save reports for future reference in SPQuery or save them to a csv file and import into Excel


Options

Options


Spquery1

SPQuery

Stuff I’d like to see

  • Notify if user selects ‘Never’ apply patch.

  • Ability to load patches in correct order.

  • Ability to apply more than one patch at a time.

  • More details when downloading from Internet

  • Customization of Report Printing

    Inexpensive- $595 for a site license!

    http://www.mtesoft.com


Stat security test and analysis tool

STAT (Security Test and Analysis Tool)

  • Detects 600 + Vulnerabilities from NT 3.51 to NT4 SP5

  • Can Examine specific machine, multiple machines or Entire Domain

  • Automatic Vulnerability Fix

  • Configuration Templates available

  • Password Strength testing


Account requirements

Account requirements

  • To analyze systems on the network must be Domain Admin.

  • To analyze workgroups must be in local admin for machines you wish to access


Analysis overview

Analysis Overview

  • Analyze single machine, multiple machines or domains

  • Machine analysis can be saved and compared to new analysis

  • Systems must appear in Network Neighborhood

  • Domain examination is time-consuming

    • Checking all vulnerabilities takes an average of one gigabyte per minute.

  • 4 Levels of Vulnerability

    • High- May grant unauthorized administrative access.

    • Medium- May provide access to sensitive data leading to further exploitation.

    • Low- May be used for information gathering or preventative security measures that could lead to higher risk levels.

    • Warning- Recommended good security practices.


4 warnings

4 Warnings

  • There are 4 warnings in the STAT database that will always be displayed:

    • ID# 87 boot enabled (anyone can boot system from floppy)

    • ID# 403 clipboard ( clear clipboard before logging off or locking computer

    • ID# 409 emergency repair disk (ERD has compressed version of SAM. Make sure to lock it up!)

    • ID# 421 administrators group (check administrators group for unknown account names)


Analysis

Analysis


Vulnerability info

Vulnerability Info


Fixing vulnerability

Fixing Vulnerability


Vulnerability fixed

Vulnerability Fixed


Configuration files

Configuration Files

  • Ability to define ‘templates’ to check for only specific vulnerabilities.

  • Description field helps identify vulnerability.

  • Eight ‘templates’ provided:

    • All- ~600 vulnerabilities.

    • Autofix- Check only what can be fixed.

    • Filechecks- Check only file related vulnerabilities.

    • High- Check only vulnerabilities defined as high.

    • Low- Check only vulnerabilities defined as low.

    • Medium- Check only vulnerabilities defined as medium.

    • Nofilechecks- Check only vulnerabilities not related to files.

    • Warning- Check only vulnerabilities not related to files.


Configuration

Configuration


Password cracking

Uses simple text file to check passwords

Cracked passwords not displayed. Just Username.

File can be modified to your requirements.

Note: Software upgrade could overwrite the file.

Password Cracking


Report print options

Report Print Options

Executive

  • Pie-chart representing the percentage of vulnerabilities by level of risk found in a selected network or machine.

    Network

  • Bar chart representing percentages of discovered vulnerabilities with respect to total possible vulnerabilities tested per machine.

    Vulnerability

  • Bar chart representing each vulnerability detected and how many machines contain that specific vulnerability.

  • Detailed

    • Report shows all vulnerabilities found per machine. The report provides a brief description of each vulnerability, along with the applicable risk each represent.


  • Stat wish list

    STAT Wish List

    • Ability to import machine lists

    • Better documentation

    • Improve speed of analysis

    • Problems analyzing domain with 95/98 systems

    • Canceling a vulnerability assessment takes too long

      Cost- $1797 per Admin License does not include yearly maintenance

      http://www.statonline.com


  • Login