IBA Technology Seminar

Audit Tools That Won’t Break the Bank
Independent Community Bankers of Minnesota
May 2, 2017
Presented by: Mark Scholl, Partner
© Wipfli LLP

Objectives
• Discuss tools that can help you manage and monitor your information systems
    • Review and verify security configuration settings
    • Enumerate system information
    • Identify vulnerabilities due to weak security settings and missing security updates
    • Remediate vulnerabilities
• These tools are not meant to replace many of the quality commercial products in the marketplace!!!

Background
• These tools do not require a strong technical background!
• Do not scan or install tools without authorization!!!
    • May be a violation of your acceptable use policy
    • Can disrupt applications and services running on your network
    • Intrusion detection system
    • Do not scan the Internet!!!
• Scanning tools can show false positives
• Tools demonstrated run on Microsoft systems

Open Source Freeware
• Developed in a public, collaborative manner
• Must be distributed according to license agreement
• Disadvantages:
    • Support – If you need help, you will have to help yourself
    • Open source tools may not be stable in all environments
    • Open source security is still an open question (i.e., reliability, security)

Tools
• Microsoft Baseline Security Analyzer
• Windows Sysinternals AutoRuns
• Qualys BrowserCheck
• McAfee Foundstone SNScan
• McAfee Foundstone ShareScan
• SolarWinds IP Address Tracker
• SomarSoft DumpSec
• AChecker

Microsoft Baseline Security Analyzer (MBSA)
• http://www.microsoft.com/technet/security
• Scans Microsoft servers and workstations
• Does not apply updates or fix security holes – only identifies them
• Scans local and remote Microsoft systems
• Requires Internet access to download XML updates to account for new security updates
• Requires local administrative privileges (i.e., Administrator, Domain Admin) for the systems you are scanning

Microsoft Baseline Security Analyzer (MBSA)
• Critical Security Update and Service Pack Status
    • Microsoft Workstations and Server OS
    • Microsoft Office (local scan only)
    • Internet Explorer
    • Internet Information Server (IIS)
    • SQL Server
    • .Net Framework
    • Exchange Server

Microsoft Baseline Security Analyzer (MBSA)
• Integrates with Windows Server Update Services (WSUS)
• Reports:
    • Missing security updates, rollups, and service packs
    • User account vulnerabilities
    • Weak security settings

Microsoft Sysinternals Autoruns
• Part of the Windows Sysinternals suite of tools
• http://technet.microsoft.com/en-us/sysinternals
• Audits to show what programs are configured to autostart during system boot and login (i.e., toolbars, add-ons, system tray objects, and other auto-start services)
• You can download the program or run live from the website
• Great for identifying registry entries that automatically start malicious code
• Warning: You can modify or delete registry settings using this tool!
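
One way to review an Autoruns export in bulk instead of entry by entry, as an added example that is not part of the original slides. It assumes the results were saved as CSV with the columns Entry Location, Entry, Enabled, Signer and Image Path, and that verified publishers are marked "(Verified)"; the sample rows are constructed, not real scan output.

```python
import csv
import io

# Constructed sample export; the column names and the "(Verified)" /
# "File not found" markers are assumptions about the CSV layout.
SAMPLE_CSV = r"""Entry Location,Entry,Enabled,Signer,Image Path
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,SecurityHealth,enabled,(Verified) Microsoft Windows,c:\windows\system32\securityhealthsystray.exe
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,updater,enabled,(Not verified) Example Corp,c:\users\teller1\appdata\roaming\updater.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run,OldAgent,enabled,,File not found: c:\program files\oldagent\agent.exe
Task Scheduler,\VendorSync,disabled,(Not verified) Example Corp,c:\users\public\sync.exe
"""

# Directories an ordinary user can write to; autostart binaries here deserve a look.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")


def reasons_for(row):
    """Return the list of review reasons for one autostart entry."""
    reasons = []
    signer = row["Signer"].strip()
    path = row["Image Path"].strip().lower()
    if not signer.startswith("(Verified)"):
        reasons.append("publisher signature not verified")
    if path.startswith("file not found"):
        reasons.append("autostart target missing on disk")
    elif any(d in path for d in USER_WRITABLE):
        reasons.append("runs from a user-writable directory")
    return reasons


def triage(csv_text):
    """Map each enabled entry that needs review to its reasons."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Enabled"].strip().lower() != "enabled":
            continue  # disabled entries do not run at boot or logon
        reasons = reasons_for(row)
        if reasons:
            findings[row["Entry"]] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_CSV).items():
        print(f"{entry}: {'; '.join(reasons)}")
```

A flagged entry is a prompt for review, not proof of malicious code; unsigned line-of-business software will show up here as well.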

Other Microsoft Sysinternals Tools

Qualys BrowserCheck
• Runs from browser
    • http://browsercheck.qualys.com
• Verifies current versions for browsers and plugins:
    • Internet Explorer, Firefox, Chrome, and other browsers
    • Adobe Reader, Flash, Shockwave
    • Apple QuickTime
    • Microsoft Media Player, Silverlight
    • Oracle Java

McAfee SNScan
• Part of the free downloads available at the McAfee website
• http://www.mcafee.com/us/downloads/free-tools/index.aspx
• Scans for devices using default SNMP settings
• Simple Network Management Protocol is often installed by default on many network devices – Many times this protocol can simply be disabled
• Vulnerable systems often include multi-function printers, routers, switches, VoIP, and network storage

McAfee ShareScan
• Identifies systems with file sharing enabled
• As a guideline, file sharing should only be enabled on file servers
    • Provides better method for restricting access to data
    • Data is included in the FI’s backup strategy
    • Reduces risk of certain types of ransomware

Other McAfee Free Tools
• Anti-Malware Tools
• Assessment Utilities
• Forensic Tools
• Software Application Security Services (SASS) Tools
• Intrusion Detection Tools
• Scanning Tools
• Stress Testing Tools

SolarWinds IP Address Tracker
• http://www.solarwinds.com/products/freetools/ip-address-tracker/
• Inventory network devices (asset control)
• Identify used IP addresses and DNS system names
• Identify rogue connections
• Add comments to report output
• Export to Microsoft Excel

SomarSoft DumpSec
• http://www.somarsoft.com
• Auditing Microsoft domain user accounts
• Does not require administrative privileges
• Audit tool for reporting on:
    • User accounts
    • Password requirements
    • Group membership
    • File share permissions

SomarSoft DumpSec – User Accounts
SomarSoft DumpSec – Group Membership
SomarSoft DumpSec – Security Policies

AChecker - ADA Website Compatibility Checker
• Helps determine whether your website is compliant with ADA guidelines
• http://achecker.ca/checker/
• Results reference specific sections of the Web Content Accessibility Guidelines (WCAG) 2.0

Other Audit Tools
• DSQuery/DSGet
• PowerShell
• Spiceworks
• Nmap/Zenmap
• Netwrix Auditor
• Splunk
• Kali Linux

Questions

Contact Information
Mark Scholl
Partner
Wipfli LLP
815.626.1277
Certified Ethical Hacker (CEH)
Certified Information Systems Auditor (CISA)
Certified Information Systems Security Professional (CISSP)
Microsoft Certified Systems Engineer (MCSE)
www.wipfli.com/fi