Use of spquery and stat at fnal
1 / 31

Use of SPQuery and STAT At FNAL - PowerPoint PPT Presentation

  • Uploaded on

Use of SPQuery and STAT At FNAL. HEPNT/HEPIX Sept, 1999. SPQuery. SPQuery is a useful tool for: Reporting Service pack and hotfix information for an entire domain or a select group of machines.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Use of SPQuery and STAT At FNAL' - lotus

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Use of spquery and stat at fnal

Use of SPQuery and STAT At FNAL

HEPNT/HEPIX Sept, 1999


  • SPQuery is a useful tool for:

  • Reporting Service pack and hotfix information for an entire domain or a select group of machines.

  • Downloading of hotfixes from Internet for NT, IIS, Exchange, SQL and Site Server to a central repository

  • Applying Workstation/Server hotfixes to remote machines

Query systems
Query Systems

  • Ability to check single machine, entire domains, or use machine list files.

  • Information on date Service Pack and hotfixes were applied

  • Information on available hotfixes for applied service pack

Hotfix info
Hotfix Info

  • Get information on files replaced or added by the hotfix

  • Query Internet for newest hotfix information

  • View Knowledge Base Article

Applying fixes
Applying Fixes

Three Basic Steps

  • Download hot fixes to a local repository

    • Multiple downloads possible.

  • Install

    • Must have admin rights to install to remote system

    • Schedules hotfix to be applied at next login. User must have local admin

    • Hotfix files and an ‘agent’ copied to remote system and run on next login.

    • Pop up box during login gives user choice to apply patch or not.

      • Only visible for 20 seconds

    • Only supports singular patch application

  • Reboot

    NOTE: User has the ability to decide if patch is applied!

Profile creation
Profile Creation

  • Offers the ability to create service pack/hotfix profiles.

  • Test your NT machine(s) against these profiles to determine if they pass or fail.

  • We have Profiles for SP4 and SP5 with appropriate security hotfixes.


  • Print reports (very detailed)

  • Save reports for future reference in SPQuery or save them to a csv file and import into Excel


Stuff I’d like to see

  • Notify if user selects ‘Never’ apply patch.

  • Ability to load patches in correct order.

  • Ability to apply more than one patch at a time.

  • More details when downloading from Internet

  • Customization of Report Printing

    Inexpensive- $595 for a site license!

Stat security test and analysis tool
STAT (Security Test and Analysis Tool)

  • Detects 600 + Vulnerabilities from NT 3.51 to NT4 SP5

  • Can Examine specific machine, multiple machines or Entire Domain

  • Automatic Vulnerability Fix

  • Configuration Templates available

  • Password Strength testing

Account requirements
Account requirements

  • To analyze systems on the network must be Domain Admin.

  • To analyze workgroups must be in local admin for machines you wish to access

Analysis overview
Analysis Overview

  • Analyze single machine, multiple machines or domains

  • Machine analysis can be saved and compared to new analysis

  • Systems must appear in Network Neighborhood

  • Domain examination is time-consuming

    • Checking all vulnerabilities takes an average of one gigabyte per minute.

  • 4 Levels of Vulnerability

    • High- May grant unauthorized administrative access.

    • Medium- May provide access to sensitive data leading to further exploitation.

    • Low- May be used for information gathering or preventative security measures that could lead to higher risk levels.

    • Warning- Recommended good security practices.

4 warnings
4 Warnings

  • There are 4 warnings in the STAT database that will always be displayed:

    • ID# 87 boot enabled (anyone can boot system from floppy)

    • ID# 403 clipboard ( clear clipboard before logging off or locking computer

    • ID# 409 emergency repair disk (ERD has compressed version of SAM. Make sure to lock it up!)

    • ID# 421 administrators group (check administrators group for unknown account names)

Configuration files
Configuration Files

  • Ability to define ‘templates’ to check for only specific vulnerabilities.

  • Description field helps identify vulnerability.

  • Eight ‘templates’ provided:

    • All- ~600 vulnerabilities.

    • Autofix- Check only what can be fixed.

    • Filechecks- Check only file related vulnerabilities.

    • High- Check only vulnerabilities defined as high.

    • Low- Check only vulnerabilities defined as low.

    • Medium- Check only vulnerabilities defined as medium.

    • Nofilechecks- Check only vulnerabilities not related to files.

    • Warning- Check only vulnerabilities not related to files.

Password cracking

Uses simple text file to check passwords

Cracked passwords not displayed. Just Username.

File can be modified to your requirements.

Note: Software upgrade could overwrite the file.

Password Cracking

Report print options
Report Print Options


  • Pie-chart representing the percentage of vulnerabilities by level of risk found in a selected network or machine.


  • Bar chart representing percentages of discovered vulnerabilities with respect to total possible vulnerabilities tested per machine.


  • Bar chart representing each vulnerability detected and how many machines contain that specific vulnerability.

  • Detailed

    • Report shows all vulnerabilities found per machine. The report provides a brief description of each vulnerability, along with the applicable risk each represent.

  • Stat wish list
    STAT Wish List

    • Ability to import machine lists

    • Better documentation

    • Improve speed of analysis

    • Problems analyzing domain with 95/98 systems

    • Canceling a vulnerability assessment takes too long

      Cost- $1797 per Admin License does not include yearly maintenance