Use of SPQuery and STAT At FNAL

HEPNT/HEPIX Sept, 1999


SPQuery

  • SPQuery is a useful tool for:

  • Reporting Service pack and hotfix information for an entire domain or a select group of machines.

  • Downloading of hotfixes from Internet for NT, IIS, Exchange, SQL and Site Server to a central repository

  • Applying Workstation/Server hotfixes to remote machines


Query Systems

  • Ability to check single machine, entire domains, or use machine list files.

  • Information on date Service Pack and hotfixes were applied

  • Information on available hotfixes for applied service pack




Hotfix Info

  • Get information on files replaced or added by the hotfix

  • Query Internet for newest hotfix information

  • View Knowledge Base Article




Applying Fixes

Three Basic Steps

  • Download hot fixes to a local repository

    • Multiple downloads possible.

  • Install

    • Must have admin rights to install to remote system

    • Schedules hotfix to be applied at next login. User must have local admin rights.

    • Hotfix files and an ‘agent’ copied to remote system and run on next login.

    • Pop up box during login gives user choice to apply patch or not.

      • Only visible for 20 seconds

    • Only supports singular patch application

  • Reboot

    NOTE: User has the ability to decide if patch is applied!






Profile Creation

  • Offers the ability to create service pack/hotfix profiles.

  • Test your NT machine(s) against these profiles to determine if they pass or fail.

  • We have Profiles for SP4 and SP5 with appropriate security hotfixes.



Reporting

  • Print reports (very detailed)

  • Save reports for future reference in SPQuery or save them to a csv file and import into Excel



SPQuery

Stuff I’d like to see

  • Notify if user selects ‘Never’ apply patch.

  • Ability to load patches in correct order.

  • Ability to apply more than one patch at a time.

  • More details when downloading from Internet

  • Customization of Report Printing

    Inexpensive- $595 for a site license!

    http://www.mtesoft.com


STAT (Security Test and Analysis Tool)

  • Detects 600+ vulnerabilities from NT 3.51 to NT4 SP5

  • Can Examine specific machine, multiple machines or Entire Domain

  • Automatic Vulnerability Fix

  • Configuration Templates available

  • Password Strength testing


Account requirements

  • To analyze systems on the network, you must be a Domain Admin.

  • To analyze workgroups, you must be a local admin on the machines you wish to access.


Analysis Overview

  • Analyze single machine, multiple machines or domains

  • Machine analysis can be saved and compared to new analysis

  • Systems must appear in Network Neighborhood

  • Domain examination is time-consuming

    • Checking all vulnerabilities takes an average of one gigabyte per minute.

  • 4 Levels of Vulnerability

    • High- May grant unauthorized administrative access.

    • Medium- May provide access to sensitive data leading to further exploitation.

    • Low- May be used for information gathering or preventative security measures that could lead to higher risk levels.

    • Warning- Recommended good security practices.


4 Warnings

  • There are 4 warnings in the STAT database that will always be displayed:

    • ID# 87 boot enabled (anyone can boot system from floppy)

    • ID# 403 clipboard (clear clipboard before logging off or locking computer)

    • ID# 409 emergency repair disk (ERD has compressed version of SAM. Make sure to lock it up!)

    • ID# 421 administrators group (check administrators group for unknown account names)






Configuration Files

  • Ability to define ‘templates’ to check for only specific vulnerabilities.

  • Description field helps identify vulnerability.

  • Eight ‘templates’ provided:

    • All- ~600 vulnerabilities.

    • Autofix- Check only what can be fixed.

    • Filechecks- Check only file related vulnerabilities.

    • High- Check only vulnerabilities defined as high.

    • Low- Check only vulnerabilities defined as low.

    • Medium- Check only vulnerabilities defined as medium.

    • Nofilechecks- Check only vulnerabilities not related to files.

    • Warning- Check only vulnerabilities not related to files.



Password Cracking

  • Uses simple text file to check passwords

  • Cracked passwords not displayed. Just Username.

  • File can be modified to your requirements.

    Note: Software upgrade could overwrite the file.


Report Print Options

  • Executive

    • Pie chart representing the percentage of vulnerabilities by level of risk found in a selected network or machine.

  • Network

    • Bar chart representing percentages of discovered vulnerabilities with respect to total possible vulnerabilities tested per machine.

  • Vulnerability

    • Bar chart representing each vulnerability detected and how many machines contain that specific vulnerability.

  • Detailed

    • Report shows all vulnerabilities found per machine. The report provides a brief description of each vulnerability, along with the applicable risk each represents.


STAT Wish List

  • Ability to import machine lists

  • Better documentation

  • Improve speed of analysis

  • Problems analyzing domain with 95/98 systems

  • Canceling a vulnerability assessment takes too long

    Cost- $1797 per Admin License (does not include yearly maintenance)

    http://www.statonline.com