Solved

Unauthorised software and devices & asset mgmt

Posted on 2012-03-15
2
315 Views
Last Modified: 2012-03-22
A couple of questions:

1) Is there any way to audit in your AD:

1a) Non approved devices that have connected to your Network - and report immediately to an admin for investigation?

1b) Non approved software that has crept on to either one of your Servers or Workstations (do you create an approved list of allowed software)

1c) And major change to say a baseline workstation, such as opening ports, changing services, changing user perms etc

1d) Exact versions of software running on devices

In terms of 1b - If users dont have local admin authority, is there still a need to audit what software has crept onto their machines

What tools would you recommend can cover the above?
0
Comment
Question by:pma111
2 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 37725310
Is there a way to see this information from Active Directory?
No, AD doesn't store this information.

But, you can do all of the above with system management tools like SCCM, Altiris, Radia, etc
But none of them are free.

There are free tools though are none enterprise tools and need to be run against local machines.

All of these software requires that you baseline your infrastructure first, then report on deviance's afterwards.

Your actions would be to:
1. Get the tool,
2. Deploy the tool for inventory gathering
3. Run scheduled scans and report on additions.

I think the biggest challenge you will have is that you currently don't have any control on your network. So creating a baseline for all systems wouldn't be possible, you'd have to baseline per machine.

You'll notice a common thread in my post about standardizing and getting control over your network by putting in the correct processes and procedures. Only THEN will you be able to effective manage your network and pass your PCI compliance.

Often when people learn that they will be audited they go into a flat panic and want to fix each item that broken....I've seen people pull out their hair over not getting things done before AUDIT. STOP!

You can get through audits, but recording where your problems and as long as you can mitigate the risk then you're fine, until the next audit.
Risk mitigation is as simple as telling them why it's broken, how you intend to fix it and by when you'll fix it.

If you have a decent auditor then he/she will followup on your dates.
This not a plan to NOT do the work, but by showing them that you're planning to fix it you can give yourself some time to breath and fix it properly...not just patch the hole each time.

Ultimately you want to get to a managed network.
That way, once you're compliant, you shouldn't need to spend 4 months getting ready for audit..because you've got the right procedure in place to extract the required information.
0
 
LVL 3

Author Comment

by:pma111
ID: 37751357
Thanks
0

Featured Post

Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question