Security Administration Tools
There are many, many products out there to help you manage various aspects of
network, system, and server security. For the purpose of this article, we'll
focus on two security-related tasks: keeping security patches up-to-date and
enforcing security parameter settings.
Vulnerability assessments are only productive if you take action to close
the highest-priority holes identified in test results. But ad hoc fixes have
a way of coming undone over time. If you manually download missing security
patches today, how will you stay on top of new patches? If you SSH into a server
to lock down directories and disable anonymous FTP, how can you be sure someone
won't change those settings back?
Automated tools can help you improve security after an assessment and maintain
that improved level over time. Deciding which patches to apply and what parameters
to change is still a big task, but tools can do the legwork by implementing
your decisions consistently across an entire network.
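The following shell script is an added example, not code from the original article or from any tool it lists. It records the two fixes mentioned above (a locked-down directory and disabled anonymous FTP) as a baseline and reports when either has been changed back; the baseline file format, the function names, and the sample ftpd.conf are assumptions made for the example.

```sh
#!/bin/sh
# Added example: report drift from a recorded security baseline.
# Baseline rules (hypothetical format, whitespace-separated, no spaces in paths):
#   mode <octal> <path>           path must have exactly these permission bits
#   setting <file> <key> <value>  file must contain the exact line key=value

check_baseline() {
    drift=0
    while read -r kind a b c; do
        case $kind in
            ''|'#'*) continue ;;                     # blank line or comment
            mode)    # find -perm with a bare octal mode matches exact bits only
                [ -n "$(find "$b" -prune -perm "$a" 2>/dev/null)" ] || {
                    echo "DRIFT mode: $b is not $a"; drift=$((drift + 1)); } ;;
            setting) # -x whole line, -F fixed string: key=value must appear verbatim
                grep -qxF "$b=$c" "$a" 2>/dev/null || {
                    echo "DRIFT setting: $a lacks $b=$c"; drift=$((drift + 1)); } ;;
            *)  echo "DRIFT unknown rule: $kind"; drift=$((drift + 1)) ;;
        esac
    done < "$1"
    echo "$drift rule(s) out of compliance"
    [ "$drift" -eq 0 ]
}

# Constructed sandbox standing in for a real server: a locked-down directory
# and an FTP daemon config with anonymous logins disabled.
make_sandbox() {
    box=$(mktemp -d) || return 1
    mkdir "$box/upload" && chmod 750 "$box/upload"
    printf 'listen=YES\nanonymous_enable=NO\n' > "$box/ftpd.conf"
    printf 'mode 750 %s\nsetting %s anonymous_enable NO\n' \
        "$box/upload" "$box/ftpd.conf" > "$box/baseline"
    echo "$box"
}

if [ "${1:-}" = "--demo" ]; then
    box=$(make_sandbox)
    check_baseline "$box/baseline"                      # baseline holds
    chmod 777 "$box/upload"                             # someone loosens the directory
    sed 's/^anonymous_enable=NO$/anonymous_enable=YES/' "$box/ftpd.conf" > "$box/t" &&
        mv "$box/t" "$box/ftpd.conf"                    # ...and re-enables anonymous FTP
    check_baseline "$box/baseline" || echo "re-apply the baseline"
    rm -rf "$box"
elif [ $# -gt 0 ]; then
    check_baseline "$1"                                 # check a real baseline file
fi
```

Run on a schedule against a baseline written right after the assessment fixes, a non-zero exit status is the signal that a setting has come undone.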
A few commercial (security) patch management systems include:
As should be obvious from many of these product names, commercial offerings
tend to be geared towards meeting the needs of enterprises that manage hundreds
of servers and thousands of desktops. Nonetheless, these products can often
be used in smaller deployments; cost can be managed by focusing on your most
essential servers.
If commercial solutions just aren't in your budget, here are a few patch and
configuration management tools that you can download at no cost:
Bastille Linux Hardening System can help you secure *NIX systems running
Debian, Mandrake, Red Hat, SuSE, TurboLinux, HP-UX, and Mac OS X.

Cisco-centric Open Source Tools like CiscoConf and ConfigSafe are freely
available to help manage router, switch, and other Cisco device
configurations. These and many other tools can be found on the COSI Web site.

Fast OnlineUpdate for SuSE (fou4s) is a freely available package update tool
for SUSE, not specific to security patch management.

Microsoft's Software Update Services (SUS) uses a client/server architecture
to essentially run Windows Update on a Windows XP/2000/2003 Server inside a
firewall, letting the administrator control which patches get pushed to Win32
clients. Microsoft also sells SMS 2003; differences between these tools are
described here.

DOE-CIAC's SafePatch is freely available to US government agencies and their
contractors. SafePatch can help you automate analysis, distribution,
notification, and installation of security patches on Solaris, Linux, and
Windows.

Shavlik's HFNetChkPro Free Version supports graphical patch assessment,
deployment, and tracking for up to 10 Windows servers. To manage additional
servers, see Shavlik's commercial product. To view sample HFNetChkPro output,
click here.

Ximian RedCarpet is an open source software management tool for RedHat,
Mandrake, and SUSE Linux, available in both command line and graphic client
formats.

This list is admittedly short on configuration tools. We just haven't found
many free tools that offer turn-key security configuration management.