Penetration Testing mailing list archives
Re: [PEN-TEST] ForixNT, the NT Audit Toolkit
From: H Carvey <keydet89 () YAHOO COM>
Date: Thu, 31 Aug 2000 22:10:44 -0000
> I should have elaborated, there seems to be no autofix or reports, the examples of what is audited seem limited in comparison to the likes of STAT and securityExpressions. That being said we had a long conversation at work
> I didn't realise that it was open source, a real bonus in my opinion
ForixNT is a toolkit more so than a static product. The purpose of ForixNT and its design is to provide the NT admin with the flexibility and extensibility needed in today's environments. ForixNT is aimed not only at NT admins, but consulting organizations, as well. The members of the ForixNT team all have experience as security consultants, and none has ever visited a site that did not have NT. While there are many tools available that perform network-based scans of systems (and do a very comprehensive job) of both NT and Un*x systems (SAINT, SARA/TARA, Nessus, to name a few), none of them performs as comprehensive a job in auditing NT as ForixNT. You're absolutely right...ForixNT has no full-blown reporting capability. ForixNT is comprised of modules that collect specific information. It's the modular nature that gives the toolkit its flexibility.
> That being said I have been looking at agentless NT scanners for a while now, the main contenders seem to be SecurityExpressions and STAT, in addition ISS Internet Scanner will allegedly scan a host if presented with an admin account.
While ForixNT's main purpose is that of an agentless scanner, it is more of a toolkit.
> STAT and SecurityExpressions will do similar, you can group machines of a particular type ie you can audit workstations to one ruleset servers to another.
You can do the same with ForixNT. In fact, you can completely configure scans based on the type of system. This is covered in the HTML documentation that comes with ForixNT.
> Without autofix can you ensure compliance? You can observe compliance and recommend changes.
ForixNT is a toolkit, and is marketed as a service. The ability to perform fixes, based on any criteria, is additional...and yet, still less expensive than most commercial scanners. ForixNT is packaged this way for a reason. The base ForixNT, which is used to collect information, is inexpensive, and easy to use. For the price, the NT admin can audit any number of systems, as many times as he or she wishes...there are NO licensing limitations based on numbers of machines. Including the update capability would have increased the size and cost of the base package, and we made the business decision not to do so at this time...it's separate. As yet, we have not received feedback from any ForixNT user regarding this packaging structure.
> STAT and SecurityExpressions will do similar,
> Included with SecurityExpressions is the US Navy audits for workstations Servers and Domain Controllers, and a Sans audit.
By these, I guess you are referring to the configuration guides. If so, we do not provide those due to legal issues of providing them in a for-pay package...we decided not to pursue licensing or consent.
> Moreover, the autofix feature will ensure an exact compliance throughout your enterprise.
With the update capability added to ForixNT, this is rather simple. In fact, you can not only roll out updates to the Domain Account Policy and Audit Policy (for example), based on Workstation, Server, or DC...but an NT admin can configure the updates any way she pleases...so that the workstations in Finance, for example, get a slightly different policy update than those in Payroll. And maybe I'm missing something...but how does an autofix feature ensure "exact compliance"...perhaps more importantly, what do you mean by "ensure an exact compliance"?
> STAT also gives a fuller analysis of the vulnerability and grades the significance of the vulnerability.
ForixNT is a policy-based security management tool. One thing we disagreed with is the arbitrary designation of what constitutes a "vulnerability" and its "severity". Most, if not all, commercial tools have no place to enter firewall locations and rulesets, addressing schemes, location and number of DNS servers, etc...all security concerns. So rather than arbitrarily deciding what a "vulnerability" is, we made the decision to pursue policy-based security management (which is explained in a paper...that was presented at Usenix...at the ForixNT web site). This is why we feel that ForixNT is such a powerful toolkit. Yes, the main script that drives the ForixNT toolkit is command line, but it's a place for admins to start. We are currently compiling feedback from ForixNT users in developing a GUI...a GUI can be very limiting if designed incorrectly. Our entire goal from the beginning has been to NOT pigeon-hole NT admins into just one way of doing things.
H. Carvey
Lead Developer, ForixNT