Terminating services

Posted on 2011-10-06
Last Modified: 2012-05-12
Hey - our auditors need to run some domain wide vulnerability scans of our servers and workstations. To do so requires domain level admin rights.

As Windows admins yourselves - how practical is it to monitor the performance these scans are having - and terminate the scans remotely if it's deemed to be having a network performance impact? What tools can be used to monitor domain performance of these scans - and what tools can be used to terminate their scanning tools remotely from the admin's desk?

Also - what would a back out plan include for auditors running vulnerability assessments? What technical controls are in place for a "back out" plan around users running vulnerability scanning software?
Question by: pma111
    LVL 3

    Author Comment

    Plus, are there any periods of time when admins would not want auditors doing such scans? Can you give some examples of why an admin wouldn't want audit to do scans at a given time?
    LVL 1

    Accepted Solution

    1. Depending on the scanning software they are using, the ability to stop a scan or to stop scanning a particular IP or block of IPs is typically very easy to do.

    2. (not part of your question but a lesson I've learned) Do an assessment of any trouble spots that you expect will have issues (Citrix Gateway Servers in our case), and schedule those for an independent time when you can be more attentive in watching those machines.

    3. Scans during backup times have proven to be challenging sometimes. We do use a SAN but for weekly backups (as opposed to the nightly incremental backups) we will pause scanning for a few hours to allow backups to finish.

    4. We also have critical IP ranges that we don't scan during business hours; our mission-critical apps are always scheduled during low-use periods.

    5. The back-out plan for scanning is usually just to turn off the scanning software. If you've got a local agent installed on each workstation it will probably be more involved. I would check with the scanning software you're using. If it does have an automated way to install this client, there's likely an automated way to back it out also.

    6. As far as domain-wide monitoring tools, I've never used any. We have a plethora of tools like Nagios, and HP OV, and such to watch workstations and traffic flows. These have been enough to show us issues when they do come up.

    7. Final bit of advice: Make sure you've got the scans scheduled and know (or can easily access) what part of your network is being scanned at any given time. If you do have problems during a scan you'll want to be able to turn off the scan quickly to get service restored, but then later be able to determine if it was a problem caused by the scanning, or just a coincidence.
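
An added example, not part of the original answer: points 3, 4 and 7 amount to keeping a scan schedule that can be checked against no-scan windows beforehand and queried after an incident. The sketch below assumes a schedule kept as simple (name, range, start, end) records; every name, range and time in it is constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample schedule: (scan name, target range, start, end)
SCHEDULE = [
    ("workstations-a", "10.1.0.0/16", "2011-10-08 09:00", "2011-10-08 12:00"),
    ("citrix-gateways", "10.2.5.0/28", "2011-10-08 22:00", "2011-10-08 23:30"),
    ("file-servers", "10.2.0.0/24", "2011-10-09 01:00", "2011-10-09 04:00"),
]
# Constructed no-scan windows: (reason, affected range, start, end)
BLACKOUTS = [
    ("weekly backup", "10.2.0.0/24", "2011-10-09 00:00", "2011-10-09 03:00"),
    ("business hours, critical apps", "10.3.0.0/24",
     "2011-10-10 08:00", "2011-10-10 18:00"),
]


def _ts(text):
    """Parse the 'YYYY-MM-DD HH:MM' timestamps used in the records above."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


def scans_active_at(schedule, host, when):
    """Names of scans that were targeting `host` at time `when`.

    Answers the post-incident question: was this machine being scanned
    when the problem started, or was it a coincidence?
    """
    addr, t = ip_address(host), _ts(when)
    return [name for name, net, start, end in schedule
            if addr in ip_network(net) and _ts(start) <= t < _ts(end)]


def blackout_conflicts(schedule, blackouts):
    """(scan, reason) pairs where a scan overlaps a no-scan window.

    A conflict needs both overlapping address ranges and overlapping time.
    """
    hits = []
    for name, net, s_start, s_end in schedule:
        for reason, b_net, b_start, b_end in blackouts:
            same_hosts = ip_network(net).overlaps(ip_network(b_net))
            same_time = _ts(s_start) < _ts(b_end) and _ts(b_start) < _ts(s_end)
            if same_hosts and same_time:
                hits.append((name, reason))
    return hits
```

Running `blackout_conflicts` before the schedule is agreed with the auditors flags scans to move; `scans_active_at` is the lookup to use once service has been restored.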
    LVL 3

    Author Comment

    >>1. Depending on the scanning software they are using, the ability to stop a scan or to stop scanning a particular IP or block of IPs is typically very easy to do.

    Can you go into a bit more detail on how and with what tools an admin could monitor the scan's impact and terminate it if need be? I am more from the auditor side and not familiar with the tools available to stop the scan or monitor the impact it is having.
