Solved

What is a good tool for auditing Windows security and performance?

Posted on 2011-04-20
Last Modified: 2013-12-06
I want to audit several Windows 2008 servers to find out if there are any security issues on the servers, like any patches, updates, any vulnerabilities, open ports, etc.

What are some good auditing applications to use for these purposes, whether free or paid?

Also, what would be a good tool for auditing the current performance of the server on the network?

Thanks.
Question by:johnsar
16 Comments
 

Author Comment

by:johnsar
ID: 35438291
Thanks, but I still want to know more tools.

I also want to audit the performance.
0
 
LVL 11

Expert Comment

by:sumeshbnr
ID: 35438306
Use perfmon, which is built into Windows; it is a good one. Type perfmon in Run.
0
 

Author Comment

by:johnsar
ID: 35438661
It's something, but I still want more ideas.
0
 
LVL 81

Expert Comment

by:arnold
ID: 35440075
Set up an internal WSUS for patch/update management.
Splunk helps in the log auditing.
SNMP/snmptrap could be used to generate events as well as to see what is currently installed on the system.
Your question deals with "a tool".
If you want to rephrase your question to deal with what you are actually looking for, that may help.
0
 

Author Comment

by:johnsar
ID: 35440355
arnold: can you tell me how to set up and configure SNMP on Windows 2008 Server, or should I create another question for SNMP?
0
 

Author Comment

by:johnsar
ID: 35440378
Also, when I say tool, I mean software to do performance testing and security.
0
 
LVL 81

Expert Comment

by:arnold
ID: 35440531
You add it under appwiz.cpl (the short way to get to the Programs control panel through Start\Run), "Turn Windows features on or off".
Navigate to "Single Network Management Protocol (SNMP)" and check the box for both.
Here is a graphical step by step using the Server Manager interface:
http://aaronwalrath.wordpress.com/2010/06/02/monitoring-windows-server-2008-r2-with-snmp-and-cacti/
 
Then use evntwin to configure the mapping from the event log events to SNMPtrap.
You would then need to have a server that will be listening for the traps.
Linux, if an option for you, can be used as the monitoring platform:
http://www.opennms.org
http://www.nagios.org (monitoring, i.e. make sure your systems/services are up and running and if not generate notifications (email, page, etc.))
http://www.networkuptime.com/tools/enterprise/
cacti.net is a data collection tool that, when configured, can collect information on systems as well as applications when counters are accessible via SNMP:
CPU, memory, process, network traffic, etc.

I think cacti also has templates available that will collect data from your system using WMI calls; I have not tried it myself.

If you do not have a Linux/Unix server already in the environment, using an older workstation will fit the bill; Ubuntu Server/CentOS/Debian are a few of the common ones and are fairly straightforward to set up.
0
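
Once SNMP is enabled as described in the answer above, its community names and permitted managers are worth checking, because SNMP v1/v2c has no other authentication. The PowerShell below is an added example, not part of the thread; it assumes the Windows SNMP service's registry layout under Services\SNMP\Parameters and an elevated prompt, and the function names Get-RegValues and Get-SnmpFindings are hypothetical.

```powershell
# Added example (not from the thread): audit the local SNMP service settings.
# Assumes the Windows SNMP service feature is installed; run elevated.
$base   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'
$rights = @{ 1 = 'NONE'; 2 = 'NOTIFY'; 4 = 'READ ONLY'; 8 = 'READ WRITE'; 16 = 'READ CREATE' }

function Get-RegValues([string]$Path) {
    # Emit one object per registry value under $Path; nothing if the key is absent.
    if (-not (Test-Path $Path)) { return }
    $key = Get-Item $Path
    foreach ($name in $key.GetValueNames()) {
        New-Object PSObject -Property @{ Name = $name; Value = $key.GetValue($name) }
    }
}

function Get-SnmpFindings {
    $out = @()
    # Community strings act as the only credential in SNMP v1/v2c.
    foreach ($c in @(Get-RegValues "$base\ValidCommunities")) {
        $access = $rights[[int]$c.Value]
        if ('public', 'private' -contains $c.Name) {
            $out += "Community '$($c.Name)' is a well-known default name ($access)"
        }
        if ([int]$c.Value -ge 8) {
            $out += "Community '$($c.Name)' grants write access ($access)"
        }
    }
    # No PermittedManagers values means the agent answers any source address.
    $managers = @(Get-RegValues "$base\PermittedManagers")
    if ($managers.Count -eq 0) {
        $out += 'No permitted managers set: SNMP requests are accepted from any host'
    }
    # Trap destinations: each should be a listener you actually operate.
    if (Test-Path "$base\TrapConfiguration") {
        foreach ($k in @(Get-ChildItem "$base\TrapConfiguration")) {
            foreach ($d in @(Get-RegValues $k.PSPath)) {
                $out += "Traps for community '$($k.PSChildName)' go to $($d.Value)"
            }
        }
    }
    return $out
}

if (Get-Service -Name SNMP -ErrorAction SilentlyContinue) {
    $findings = @(Get-SnmpFindings)
    if ($findings.Count) { $findings } else { 'SNMP: no findings' }
} else {
    'SNMP service is not installed on this host'
}
```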
 
LVL 81

Expert Comment

by:arnold
ID: 35440544
Security: nmap is a network port analyzer;
Nessus (http://www.tenable.com/) is a security analysis tool.
0
 

Author Comment

by:johnsar
ID: 35445623
arnold: thanks for Nessus. I will be downloading it.

For SNMP, I am not familiar with Linux or Unix; I have a few Windows 2008 servers.

Can I do that on a Windows operating system, or should it be done on Linux-based systems only?

I mean the server that listens for the traps.
0
 
LVL 81

Expert Comment

by:arnold
ID: 35445681
You can have the snmptrapd service running and then configure the other servers to send their traps to this one.
You might want to use Nagios as the monitoring tool as well as have it receive the snmptrapd events.
Other than using Nagios for Windows as a trap destination, I am also not sure what options are available.
For Windows this might work:
http://linux-snmp-gui.qarchive.org/
opennms.org for an snmptrap destination along with other features that it supports.

If you have the time to explore, you could use VMware or VirtualBox to set up a virtual machine on which you can install one of the Linux distributions (Ubuntu Server/CentOS) and see what it has to offer. The resources it needs for the OS and operating the system are lower than those for Windows, thus you could use any of your old desktop computers for this purpose.
0
 

Author Comment

by:johnsar
ID: 35445726
Is this what I would need as a destination server for traps?

http://exchange.nagios.org/directory/Distributions/Nagios-Core-32bit-Windows-Installer/details
0
 

Author Comment

by:johnsar
ID: 35445752
arnold: how about a tool like this as the SNMP management tool?

http://www.iphostmonitor.com/snmp-monitoring.html?gclid=CMeglZuUr6gCFQPTbgodIA0iHg

And then I can install the agent on the Windows server to gather stats by that tool?

It wouldn't work like that? Or do I still need to have a server that listens for the traps as you said?
0
 
LVL 81

Expert Comment

by:arnold
ID: 35447399
It should work; it will handle the monitoring (polling the hosts for SNMP data) and generating alerts based on data and settings/configuration.
I do not think it handles the SNMPTRAP events.
I think you would need something like opennms, which has as one of its options an snmptrapd listener.
I'd say set up the various tools and then narrow down from that.
opennms.org has the data collection polling/monitoring plus snmptrap receiver and can generate notifications.


0
 
LVL 4

Accepted Solution

by:
vak73 earned 500 total points
ID: 35481108
You can try this for automating patch deployments:
http://www.manageengine.com/products/desktop-central/windows-patch-management.html

It works for both Microsoft and non-Microsoft applications.
0
 

Author Closing Comment

by:johnsar
ID: 35758800
Wasn't complete.
0
