General

Security Tools for the Budget Conscious ISP, Part II: Security Audit Tools and Conclusion

by Lisa Phifer VP Core Competence, Inc. [January 30, 2004]

Security Audit Tools
After you've conducted a vulnerability assessment and used results to harden your networks and systems, you may want to perform a security audit. Like vulnerability assessment tools, audit tools check security settings and patches, but they have a different goal—they compare findings against a defined security policy.

Audit tools can be used by outsiders to score your network's compliance with security benchmarks published by authoritative sources like SANS, NIST, CIS, and the NSA. They can also be used by insiders for self-evaluation and (in many cases) remediation. Audit tools typically run scheduled tests, store results in a database, and offer rich multi-level reporting capabilities. Most also offer ad hoc query and/or update utilities to help the audited organization fix identified policy deviations.

Some commercial products that fall into this category include:

• BindView bv-Control Audit Products
• C&A COBRA
• Computer Associates eTrust Policy Compliance
• NetIQ VigilEnt Policy Center
• Pedestal Software Security Expressions

Several security benchmarks and companion auditing tools are freely available from The Center for Internet Security (CIS). CIS relies upon its members to identify security threats and reach consensus about how to mitigate threats through best practices. Those agreements are distilled into security benchmarks for specific operating systems and services. Level 1 benchmarks are designed to achieve a "prudent level of minimum due care" without system disruption. Level 2 benchmarks go beyond this minimum level, for use by administrators "who have sufficient security knowledge to apply them with consideration to the operating systems and applications."

Benchmarks and scoring/scan tools that are freely available from CIS include:

• Windows NT and 2000 Level 1
• Windows 2000 Professional and Server Level 2
• Solaris Level 1
• Linux Level 1
• HP-UX Level 1
• Cisco IOS Router Levels 1 and 2 (RAT)

Additional benchmarks that are now under development for Windows Server 2003, Check Point FW-1/VPN-1, Cisco PIX, Cisco Catalyst, Juniper Routers, SQL Server, IIS, Apache, Sendmail, and Exchange Server 2003. To view sample Cisco ISO Router Audit Tool (RAT) files, click here.

Conclusion
In this article, we've enumerated many commercial, open source, and shareware tools that can be used to evaluate and improve the security of your network, systems, and Web servers. These lists illustrate the breadth of what's available—they are intended to help you get started, but are certainly not exhaustive, nor should they be considered endorsements. Remember: never use any security tool without first considering possible ramifications. Changing a security parameter or running a penetration test can sometimes have surprising side effects, so exercise caution.

Next week, Part 3 of this article will provide a similar survey of traffic analysis, intrusion detection, and forensics tools. So stay tuned!

—End

 

Security Tools for the Budget Conscious ISP, Part II: Introduction and Vulnerability Scan and Assessment Services

Security Tools for the Budget Conscious ISP, Part II: Network Vulnerability Assessment Tools

Security Tools for the Budget Conscious ISP, Part II: System Vulnerability Assessment Tools

Security Tools for the Budget Conscious ISP, Part II: Web Vulnerability Assessment Tools

Security Tools for the Budget Conscious ISP, Part II: Security Administration Tools

Security Tools for the Budget Conscious ISP, Part II: Security Audit Tools and Conclusion