Security tool closes loopholes
- By Earl Greer
- Feb 13, 2001
Many experienced PC users believe that it's difficult to break into Microsoft
Corp.'s Windows NT and 2000. But hackers' publications are filled with tricks
devised to crack into these systems.
Fortunately, the loopholes hackers take advantage of can be closed.
The problem is that agency information technology workers could face long
hours checking for the multitude of loopholes and taking steps to close
them. That's where SecurityExpressions from Pedestal Software LLC can help.
SecurityExpressions automates the entire process for you, and it can
check all of your PCs simultaneously.
Installing the utility on my Windows 2000 workstation took less than
two minutes, and the average user can learn to exercise the major functions
in half an hour. No manual came with my copy of SecurityExpressions, but
the online help was so thorough that I never missed the printed material.
SecurityExpressions' five Security Information Files (SIFs) contain
lists of potential security loopholes along with information on each loophole
and the method for fixing the problem. Together, the data for each loophole
is called a "rule."
One SIF is based on a Microsoft security white paper, and another comes
from the System Administration, Networking, and Security (SANS) Institute.
Three are from the Navy: one covering domain controllers, one servers and
one workstations. You can create your own SIF using your own rules, but
for reporting purposes, I stick with established industry standards. To
start with, I chose the Microsoft file.
SecurityExpressions' main window has two major sections. The left pane
primarily shows a tree structure of hosts to be scanned, and the right pane
shows the results. After I highlighted my own workstation in the left pane
and clicked the Scan radio button, results were displayed in the right pane
within 15 seconds.
The results showed a list of the rules checked, and most were marked
with an easily understood "OK" or "Not OK." I was glad to see that a large number
of the loopholes that were found were closed on my PC, but there were still
51 problems to resolve.
Solving the problems involved delicate registry changes, but SecurityExpressions
enables you to fix most problems automatically. Right-clicking on each rule
gives you the options to edit the rule, add a new rule or fix the problem.
Clicking the selection to fix the problem brings up detailed information
about the problem, including how to fix it manually, and offers to fix it
for you automatically.
I was disappointed when SecurityExpressions reported that I did not
have NT Service Pack 5 installed. I was using Windows 2000, which does not
yet have a Service Pack 5. When I applied the automatic fix, I was glad
to see that my registry was not changed incorrectly. Some other items indicated
that the utility does not distinguish between Windows 2000 and Windows NT,
but I never found any error that would be a serious problem to the user.
Although all the features of SecurityExpressions can be mastered in
an afternoon, I'd recommend that it only be used by staff familiar with
Windows NT/2000 and who have more than a passing knowledge of the registry.
The left pane listed all the Windows NT/2000 PCs in my local network
neighborhood, sorted by domain and workgroups. This made it easy to select
PCs for remote scanning. My license allowed only 10 hosts to be scanned
at a time, but my impression was that remote scanning is extremely rapid.
The vendor advertises that the utility is multithreaded, which, while using
a batch mode, enables it to scan as many as 200 hosts quickly and simultaneously.
SecurityExpressions uses the operating systems' native client/server protocols,
so you don't have to install any client software on the remote machines.
SecurityExpressions is only a few months old, but it already includes
some advanced features. One of the most important of these is a powerful
compliance querying language that enables you to report on compliance with
specific policies implemented in users and groups, files, and directories.
Built-in reports include graphics showing progress in security compliance.
Using SecurityExpressions complements using a vulnerability scanner,
but it doesn't replace it. For example, it will not tell you whether all
necessary security patches have been applied. But it will check security
policy compliance, as well as many permissions, user rights, group memberships
and other potential security problems not reported by vulnerability scanners.
I would like to have seen a document describing the need for a multi-tiered
approach to security, with explanations of the importance of secure backups,
physical security of the hard drives and cost-free techniques, such as using
BIOS boot-up passwords.
Overall, SecurityExpressions is powerful and user-friendly, has a flexible
license and is reasonably priced. It is a must-have utility for organizations
with large networks and for all offices requiring tight data security.
Greer is a senior network analyst at a large Texas state agency. He
can be reached at Earl.Greer@dhs.state.tx.us.