Use of SPQuery and STAT At FNAL

Presentation Transcript

  1. Use of SPQuery and STAT At FNAL
     HEPNT/HEPIX, Sept, 1999

  2. SPQuery
     SPQuery is a useful tool for:
     • Reporting Service Pack and hotfix information for an entire domain or a select group of machines.
     • Downloading hotfixes from the Internet for NT, IIS, Exchange, SQL and Site Server to a central repository
     • Applying Workstation/Server hotfixes to remote machines

  3. Query Systems
     • Ability to check a single machine, entire domains, or use machine list files.
     • Information on the date Service Pack and hotfixes were applied
     • Information on available hotfixes for the applied service pack

  4. Systems Information

  5. Importing Machine Lists

  6. Hotfix Info
     • Get information on files replaced or added by the hotfix
     • Query Internet for newest hotfix information
     • View Knowledge Base Article

  7. Affected Files

  8. Knowledge Base Information

  9. Applying Fixes
     Three Basic Steps
     • Download hotfixes to a local repository
       • Multiple downloads possible.
     • Install
       • Must have admin rights to install to remote system
       • Schedules hotfix to be applied at next login. User must have local admin
       • Hotfix files and an ‘agent’ copied to remote system and run on next login.
       • Pop-up box during login gives user choice to apply patch or not.
         • Only visible for 20 seconds
       • Only supports singular patch application
     • Reboot
     NOTE: User has the ability to decide if patch is applied!

  10. Downloading Fix

  11. Fix Scheduled

  12. User Login

  13. Hotfix Applied

  14. Profile Creation
     • Offers the ability to create service pack/hotfix profiles.
     • Test your NT machine(s) against these profiles to determine if they pass or fail.
     • We have Profiles for SP4 and SP5 with appropriate security hotfixes.

  15. Profiles

  16. Reporting
     • Print reports (very detailed)
     • Save reports for future reference in SPQuery or save them to a csv file and import into Excel

  17. Options

  18. SPQuery Stuff I’d like to see
     • Notify if user selects ‘Never’ apply patch.
     • Ability to load patches in correct order.
     • Ability to apply more than one patch at a time.
     • More details when downloading from Internet
     • Customization of Report Printing
     Inexpensive: $595 for a site license!

  19. STAT (Security Test and Analysis Tool)
     • Detects 600+ vulnerabilities from NT 3.51 to NT4 SP5
     • Can examine a specific machine, multiple machines or an entire domain
     • Automatic Vulnerability Fix
     • Configuration Templates available
     • Password Strength testing

  20. Account requirements
     • To analyze systems on the network, must be Domain Admin.
     • To analyze workgroups, must be in local admin for machines you wish to access

  21. Analysis Overview
     • Analyze single machine, multiple machines or domains
     • Machine analysis can be saved and compared to new analysis
     • Systems must appear in Network Neighborhood
     • Domain examination is time-consuming
     • Checking all vulnerabilities takes an average of one gigabyte per minute.
     • 4 Levels of Vulnerability
       • High: May grant unauthorized administrative access.
       • Medium: May provide access to sensitive data leading to further exploitation.
       • Low: May be used for information gathering or preventative security measures that could lead to higher risk levels.
       • Warning: Recommended good security practices.

  22. 4 Warnings
     There are 4 warnings in the STAT database that will always be displayed:
     • ID# 87 boot enabled (anyone can boot system from floppy)
     • ID# 403 clipboard (clear clipboard before logging off or locking computer)
     • ID# 409 emergency repair disk (ERD has compressed version of SAM. Make sure to lock it up!)
     • ID# 421 administrators group (check administrators group for unknown account names)

  23. Analysis

  24. Vulnerability Info

  25. Fixing Vulnerability

  26. Vulnerability Fixed

  27. Configuration Files
     • Ability to define ‘templates’ to check for only specific vulnerabilities.
     • Description field helps identify vulnerability.
     • Eight ‘templates’ provided:
       • All: ~600 vulnerabilities.
       • Autofix: Check only what can be fixed.
       • Filechecks: Check only file related vulnerabilities.
       • High: Check only vulnerabilities defined as high.
       • Low: Check only vulnerabilities defined as low.
       • Medium: Check only vulnerabilities defined as medium.
       • Nofilechecks: Check only vulnerabilities not related to files.
       • Warning: Check only vulnerabilities not related to files.

  28. Configuration

  29. Password Cracking
     • Uses simple text file to check passwords
     • Cracked passwords not displayed. Just Username.
     • File can be modified to your requirements.
     Note: Software upgrade could overwrite the file.

  30. Report Print Options
     • Executive
       • Pie chart representing the percentage of vulnerabilities by level of risk found in a selected network or machine.
     • Network
       • Bar chart representing percentages of discovered vulnerabilities with respect to total possible vulnerabilities tested per machine.
     • Vulnerability
       • Bar chart representing each vulnerability detected and how many machines contain that specific vulnerability.
     • Detailed
       • Report shows all vulnerabilities found per machine. The report provides a brief description of each vulnerability, along with the applicable risk each represents.

  31. STAT Wish List
     • Ability to import machine lists
     • Better documentation
     • Improve speed of analysis
     • Problems analyzing domain with 95/98 systems
     • Canceling a vulnerability assessment takes too long
     Cost: $1797 per Admin License, does not include yearly maintenance