What is a good tool for auditing Windows security and performance???

I want to audit several Windows 2008 servers to find out if any security issues exist on the server, like any patches, updates, any vulnerabilities, open ports, etc.

What are some good auditing applications to use for these purposes? Whether free or paid.

Also, what would be a good tool for auditing the current performance of the server on the network?

Thanks.
johnsarAsked:
 
vak73Commented:
You can try this for automating patch deployments:
http://www.manageengine.com/products/desktop-central/windows-patch-management.html

It works for both Microsoft and non-Microsoft applications
0
 
johnsarAuthor Commented:
Thanks, but I still want to know more tools.

I also want to audit the performance.
0
 
sumeshbnrCommented:
Use perfmon, built into Windows; it is a good one. Type perfmon in Run.
0
 
johnsarAuthor Commented:
It's something, but I still want more ideas.
0
 
arnoldCommented:
Set up an internal WSUS for patch/update management.
Splunk helps in the log auditing.
snmp/snmptrap could be used to generate events as well as see what is currently installed on the system.
Your question deals with "a tool".
If you want to rephrase your question to deal with what you are actually looking for, that may help.
0
 
johnsarAuthor Commented:
arnold: can you tell me how to set up and configure SNMP on Windows 2008 server, or should I create another question for SNMP?
0
 
johnsarAuthor Commented:
Also, when I say tool, I mean software to do performance testing and security.
0
 
arnoldCommented:
You add it under the appwiz.cpl (the short way to get to the programs control panel through Start\Run), "Turn Windows features on or off".
Navigate to the "Single Network Management Protocol (SNMP)" and check the box for both.
Here is a graphical step by step using the server manager interface:
http://aaronwalrath.wordpress.com/2010/06/02/monitoring-windows-server-2008-r2-with-snmp-and-cacti/
 
Then use evntwin to configure the mapping from the eventlog events to SNMP traps.
You would then need to have a server that will be listening for the traps.
Linux, if an option for you, can be used as the monitoring platform:
http://www.opennms.org
http://www.nagios.org (monitoring, i.e. make sure your systems/services are up and running and if not generate notifications (email, page, etc.))
http://www.networkuptime.com/tools/enterprise/
cacti.net is a data collection tool that, when configured, can collect information on systems as well as applications when counters are accessible via SNMP.
CPU, memory, process, network traffic, etc.

I think cacti also has templates available that will collect data from your system using WMI calls, have not tried it myself.

If you do not have a Linux/Unix server already in the environment, using an older workstation will fit the bill; Ubuntu Server/CentOS/Debian are a few of the common ones and are fairly straightforward to set up.
0
 
arnoldCommented:
Security: nmap is a network port analyzer,
Nessus (http://www.tenable.com/) is a security analysis tool.
0
 
johnsarAuthor Commented:
arnold: thanks for Nessus. I will be downloading it.

For SNMP, I am not familiar with Linux or Unix; I have a few Windows 2008 servers.

Can I do that on the Windows operating system, or should it be done on Linux-based systems only?

I mean the server that listens for the traps.
0
 
arnoldCommented:
You can have the snmptrapd service running and then configure the other servers to send their traps to this one.
You might want to use Nagios as the monitoring tool as well as have it receive the snmptrapd events.
Other than using Nagios for Windows as a trap destination, I am also not sure what options are available.
For Windows this might work:
http://linux-snmp-gui.qarchive.org/
opennms.org for snmptrap destination along with other features that it supports.

If you have the time to explore, you could use VMware or VirtualBox to set up a virtual machine on which you can install one of the Linux distributions (Ubuntu Server/CentOS) and see what it has to offer. The resources it needs for the OS and operating the system are lower than those for Windows, thus you could use any of your old desktop computers for this purpose.
0
 
johnsarAuthor Commented:
Is this what I would need as a destination server for traps?

http://exchange.nagios.org/directory/Distributions/Nagios-Core-32bit-Windows-Installer/details
0
 
johnsarAuthor Commented:
arnold: how about a tool like this as the SNMP management tool?

http://www.iphostmonitor.com/snmp-monitoring.html?gclid=CMeglZuUr6gCFQPTbgodIA0iHg

And then I can install the agent on the Windows server to gather stats by that tool?

It wouldn't work like that? Or do I still need to have a server that listens for the traps as you said?
0
 
arnoldCommented:
It should work; it will handle the monitoring (polling the hosts for SNMP data) and generating alerts based on data and settings/configuration.
I do not think it handles the SNMPTRAP events.
I think you would need something like opennms, which has as one of its options an snmptrapd listener.
I'd say set up the various tools and then narrow down from that.
opennms.org has the data collection polling/monitoring plus snmptrap receiver and can generate notifications.


0
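What a trap destination actually receives, as opposed to what a poller asks for, shown as an added example that is not part of the original thread: a minimal Python receiver that decodes the header of an SNMPv1 trap (RFC 1157 layout assumed). The community string, agent address, enterprise OID and trap numbers in `SAMPLE` are constructed for illustration.

```python
import socket
# Constructed SNMPv1 trap: community "audit", agent 192.0.2.10, made-up enterprise OID.
SAMPLE = bytes.fromhex("302a020100" "04056175646974" "a41e" "06092b06010401868d1f01"
                       "4004c000020a" "020106" "02021211" "430203e8" "3000")

def read_tlv(buf, pos):                # -> (tag, value, next_pos) of the BER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):                   # BER OBJECT IDENTIFIER bytes -> dotted string
    parts, val = ([raw[0] // 40, raw[0] % 40] if raw else []), 0
    for b in raw[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:               # high bit clear ends a sub-identifier
            parts.append(val)
            val = 0
    return ".".join(map(str, parts))

def parse_v1_trap(datagram):           # fixed header fields of an SNMPv1 Trap-PDU
    tag, msg, _ = read_tlv(datagram, 0)
    _, version, pos = read_tlv(msg, 0)
    _, community, pos = read_tlv(msg, pos)
    pdu_tag, pdu, _ = read_tlv(msg, pos)
    if tag != 0x30 or version != b"\x00" or pdu_tag != 0xA4:   # v1 message, Trap-PDU
        raise ValueError("not an SNMPv1 trap")
    f, pos = [], 0
    for _ in range(5):   # enterprise, agent-addr, generic-trap, specific-trap, time-stamp
        _, val, pos = read_tlv(pdu, pos)
        f.append(val)
    return {"community": community.decode("ascii", "replace"),
            "enterprise": decode_oid(f[0]), "agent": ".".join(map(str, f[1])),
            "generic": int.from_bytes(f[2], "big"), "specific": int.from_bytes(f[3], "big")}

if __name__ == "__main__":             # receiver loop; binding UDP 162 needs admin rights
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(("0.0.0.0", 162))
    while True:
        data, peer = sock.recvfrom(65535)
        try:
            print(peer[0], parse_v1_trap(data))
        except ValueError as exc:      # malformed or non-trap datagram: log, keep running
            print(peer[0], "ignored:", exc)
```

The decoded output shows the community string arriving in clear text, so UDP 162 on the receiver is best limited to the servers that are expected to send traps.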
 
johnsarAuthor Commented:
Wasn't complete.
0
Question has a verified solution.
