What is a good tool for auditing Windows security and performance???

Last Modified: 2013-12-06
I want to audit several Windows 2008 servers to find out if any security issues exist on the server, like any patches, updates, any vulnerabilities, open ports, etc.

What are some good auditing applications to use for these purposes, whether free or paid?

Also, what would be a good tool for auditing the current performance of the server on the network?

Thanks.

CERTIFIED EXPERT

Commented:

Author

Commented:
Thanks, but I still want to know more tools.

I also want to audit the performance.
CERTIFIED EXPERT

Commented:
Use perfmon, which is built into Windows; it is a good one. Type perfmon in Run.

Author

Commented:
It's something, but I still want more ideas.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Set up an internal WSUS for patch/update management.
Splunk helps in the log auditing.
snmp/snmptrap could be used to generate events as well as see what is currently installed on the system.
Your question deals with "a tool".
If you want to rephrase your question to deal with what you are actually looking for, that may help.

Author

Commented:
arnold: can you tell me how to set up and configure SNMP on Windows 2008 server, or should I create another question for SNMP?

Author

Commented:
Also, when I say tool, I mean software to do performance testing and security.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You add it under appwiz.cpl (the short way to get to the Programs control panel through Start\Run), "Turn Windows features on or off".
Navigate to "Single Network Management Protocol (SNMP)" and check the box for both.
Here is a graphical step-by-step using the Server Manager interface:
http://aaronwalrath.wordpress.com/2010/06/02/monitoring-windows-server-2008-r2-with-snmp-and-cacti/

Then use evntwin to configure the mapping from the eventlog events to SNMPtrap.
You would then need to have a server that will be listening for the traps.
Linux, if it is an option for you, can be used as the monitoring platform:
http://www.opennms.org
http://www.nagios.org (monitoring, i.e. make sure your systems/services are up and running and, if not, generate notifications (email, page, etc.))
http://www.networkuptime.com/tools/enterprise/
cacti.net is a data collection tool that, when configured, can collect information on systems as well as applications when counters are accessible via SNMP:
CPU, memory, process, network traffic, etc.

I think cacti also has templates available that will collect data from your system using WMI calls; I have not tried it myself.

If you do not have a Linux/Unix server already in the environment, using an older workstation will fit the bill. Ubuntu Server, CentOS and Debian are a few of the common ones and are fairly straightforward to set up.
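
The SNMP setup described in the comment above, scripted with a read-only community and a restricted manager list (an added example, not part of the original thread). It assumes Windows Server 2008 R2 with the ServerManager module and an elevated PowerShell prompt; the community string and the trap receiver address 192.0.2.10 are placeholders.

```powershell
# Added example. Assumptions: Windows Server 2008 R2, elevated prompt,
# placeholder community string and placeholder trap receiver address.
$Community   = 'REPLACE-with-a-long-random-string'  # placeholder; do not use "public"
$TrapManager = '192.0.2.10'                         # placeholder monitoring server

# 1. Install the SNMP Service and the SNMP WMI Provider (the two check boxes).
Import-Module ServerManager
Add-WindowsFeature SNMP-Services -IncludeAllSubFeature | Out-Null

$Params = 'HKLM:\SYSTEM\CurrentControlSet\Services\SNMP\Parameters'

# Helper: make sure a key exists and remove every value already stored in it.
function Clear-KeyValues([string]$Path) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    foreach ($name in @((Get-Item $Path).Property)) {
        if ($name) { Remove-ItemProperty -Path $Path -Name $name }
    }
}

# 2. Accepted community names: one entry only, with READ ONLY rights.
#    The right is a DWORD: 4 = READ ONLY, 8 = READ WRITE.
Clear-KeyValues "$Params\ValidCommunities"
New-ItemProperty -Path "$Params\ValidCommunities" -Name $Community `
    -PropertyType DWord -Value 4 | Out-Null

# 3. Accept SNMP packets only from localhost and the monitoring server.
#    An empty PermittedManagers key means "accept packets from any host".
Clear-KeyValues "$Params\PermittedManagers"
New-ItemProperty -Path "$Params\PermittedManagers" -Name '1' `
    -PropertyType String -Value 'localhost' | Out-Null
New-ItemProperty -Path "$Params\PermittedManagers" -Name '2' `
    -PropertyType String -Value $TrapManager | Out-Null

# 4. Trap destination: traps for this community go to the monitoring server.
$TrapKey = "$Params\TrapConfiguration\$Community"
Clear-KeyValues $TrapKey
New-ItemProperty -Path $TrapKey -Name '1' `
    -PropertyType String -Value $TrapManager | Out-Null

# 5. Restart the agent so it reads the new settings, then show them for review.
Restart-Service -Name SNMP
Get-ItemProperty "$Params\ValidCommunities", "$Params\PermittedManagers", $TrapKey
```

The Windows SNMP service speaks SNMP v1/v2c, where the community string travels in clear text, so keep the agent read-only and limit UDP 161 to the monitoring server at the firewall as well.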
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
Security: nmap is a network port analyzer,
Nessus (http://www.tenable.com/) is a security analysis tool.

Author

Commented:
arnold: thanks for Nessus. I will be downloading it.

For SNMP, I am not familiar with Linux or Unix; I have a few Windows 2008 servers.

Can I do that on a Windows operating system, or should it be done on Linux-based systems only?

I mean the server that listens for the traps.
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
You can have the snmptrapd service running and then configure the other servers to send their traps to this one.
You might want to use Nagios as the monitoring tool as well as have it receive the snmptrapd events.
Other than using Nagios for Windows as a trap destination, I am also not sure what options are available.
For Windows this might work:
http://linux-snmp-gui.qarchive.org/
opennms.org for an snmptrap destination, along with other features that it supports.

If you have the time to explore, you could use VMware or VirtualBox to set up a virtual machine on which you can install one of the Linux distributions (Ubuntu Server/CentOS) and see what it has to offer. The resources it needs for the OS and operating the system are lower than those for Windows, thus you could use any of your old desktop computers for this purpose.

Author

Commented:
Is this what I would need as a destination server for traps?

http://exchange.nagios.org/directory/Distributions/Nagios-Core-32bit-Windows-Installer/details

Author

Commented:
arnold: how about a tool like this as the SNMP management tool?

http://www.iphostmonitor.com/snmp-monitoring.html?gclid=CMeglZuUr6gCFQPTbgodIA0iHg

And then I can install the agent on the Windows server to gather stats by that tool?

It wouldn't work like that? Or do I still need to have a server that listens for the traps, as you said?
CERTIFIED EXPERT
Distinguished Expert 2019

Commented:
It should work; it will handle the monitoring (polling the hosts for SNMP data) and generating alerts based on data and settings/configuration.
I do not think it handles the SNMPTRAP events.
I think you would need something like opennms, which has as one of its options an snmptrapd listener.
I'd say set up the various tools and then narrow down from that.
opennms.org has the data collection polling/monitoring plus an snmptrap receiver and can generate notifications.


Author

Commented:
Wasn't complete.