use of spquery and stat at fnal n.
Skip this Video
Loading SlideShow in 5 Seconds..
Use of SPQuery and STAT At FNAL PowerPoint Presentation
Download Presentation
Use of SPQuery and STAT At FNAL

Loading in 2 Seconds...

play fullscreen
1 / 31

Use of SPQuery and STAT At FNAL - PowerPoint PPT Presentation

  • Uploaded on

Use of SPQuery and STAT At FNAL. HEPNT/HEPIX Sept, 1999. SPQuery. SPQuery is a useful tool for: Reporting Service pack and hotfix information for an entire domain or a select group of machines.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Use of SPQuery and STAT At FNAL' - lotus

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
use of spquery and stat at fnal

Use of SPQuery and STAT At FNAL

HEPNT/HEPIX Sept, 1999

  • SPQuery is a useful tool for:
  • Reporting Service pack and hotfix information for an entire domain or a select group of machines.
  • Downloading of hotfixes from Internet for NT, IIS, Exchange, SQL and Site Server to a central repository
  • Applying Workstation/Server hotfixes to remote machines
query systems
Query Systems
  • Ability to check single machine, entire domains, or use machine list files.
  • Information on date Service Pack and hotfixes were applied
  • Information on available hotfixes for applied service pack
hotfix info
Hotfix Info
  • Get information on files replaced or added by the hotfix
  • Query Internet for newest hotfix information
  • View Knowledge Base Article
applying fixes
Applying Fixes

Three Basic Steps

  • Download hot fixes to a local repository
    • Multiple downloads possible.
  • Install
    • Must have admin rights to install to remote system
    • Schedules hotfix to be applied at next login. User must have local admin
    • Hotfix files and an ‘agent’ copied to remote system and run on next login.
    • Pop up box during login gives user choice to apply patch or not.
      • Only visible for 20 seconds
    • Only supports singular patch application
  • Reboot

NOTE: User has the ability to decide if patch is applied!

profile creation
Profile Creation
  • Offers the ability to create service pack/hotfix profiles.
  • Test your NT machine(s) against these profiles to determine if they pass or fail.
  • We have Profiles for SP4 and SP5 with appropriate security hotfixes.
  • Print reports (very detailed)
  • Save reports for future reference in SPQuery or save them to a csv file and import into Excel

Stuff I’d like to see

  • Notify if user selects ‘Never’ apply patch.
  • Ability to load patches in correct order.
  • Ability to apply more than one patch at a time.
  • More details when downloading from Internet
  • Customization of Report Printing

Inexpensive- $595 for a site license!

stat security test and analysis tool
STAT (Security Test and Analysis Tool)
  • Detects 600 + Vulnerabilities from NT 3.51 to NT4 SP5
  • Can Examine specific machine, multiple machines or Entire Domain
  • Automatic Vulnerability Fix
  • Configuration Templates available
  • Password Strength testing
account requirements
Account requirements
  • To analyze systems on the network must be Domain Admin.
  • To analyze workgroups must be in local admin for machines you wish to access
analysis overview
Analysis Overview
  • Analyze single machine, multiple machines or domains
  • Machine analysis can be saved and compared to new analysis
  • Systems must appear in Network Neighborhood
  • Domain examination is time-consuming
    • Checking all vulnerabilities takes an average of one gigabyte per minute.
  • 4 Levels of Vulnerability
    • High- May grant unauthorized administrative access.
    • Medium- May provide access to sensitive data leading to further exploitation.
    • Low- May be used for information gathering or preventative security measures that could lead to higher risk levels.
    • Warning- Recommended good security practices.
4 warnings
4 Warnings
  • There are 4 warnings in the STAT database that will always be displayed:
    • ID# 87 boot enabled (anyone can boot system from floppy)
    • ID# 403 clipboard ( clear clipboard before logging off or locking computer
    • ID# 409 emergency repair disk (ERD has compressed version of SAM. Make sure to lock it up!)
    • ID# 421 administrators group (check administrators group for unknown account names)
configuration files
Configuration Files
  • Ability to define ‘templates’ to check for only specific vulnerabilities.
  • Description field helps identify vulnerability.
  • Eight ‘templates’ provided:
    • All- ~600 vulnerabilities.
    • Autofix- Check only what can be fixed.
    • Filechecks- Check only file related vulnerabilities.
    • High- Check only vulnerabilities defined as high.
    • Low- Check only vulnerabilities defined as low.
    • Medium- Check only vulnerabilities defined as medium.
    • Nofilechecks- Check only vulnerabilities not related to files.
    • Warning- Check only vulnerabilities not related to files.
password cracking
Uses simple text file to check passwords

Cracked passwords not displayed. Just Username.

File can be modified to your requirements.

Note: Software upgrade could overwrite the file.

Password Cracking
report print options
Report Print Options


    • Pie-chart representing the percentage of vulnerabilities by level of risk found in a selected network or machine.


    • Bar chart representing percentages of discovered vulnerabilities with respect to total possible vulnerabilities tested per machine.


    • Bar chart representing each vulnerability detected and how many machines contain that specific vulnerability.
  • Detailed
    • Report shows all vulnerabilities found per machine. The report provides a brief description of each vulnerability, along with the applicable risk each represent.
stat wish list
STAT Wish List
  • Ability to import machine lists
  • Better documentation
  • Improve speed of analysis
  • Problems analyzing domain with 95/98 systems
  • Canceling a vulnerability assessment takes too long

Cost- $1797 per Admin License does not include yearly maintenance