Solved

Unauthorised software and devices & asset mgmt

Posted on 2012-03-15
2
320 Views
Last Modified: 2012-03-22
A couple of questions:

1) Is there any way to audit in your AD:

1a) Non approved devices that have connected to your Network - and report immediately to an admin for investigation?

1b) Non approved software that has crept on to either one of your Servers or Workstations (do you create an approved list of allowed software)

1c) And major change to say a baseline workstation, such as opening ports, changing services, changing user perms etc

1d) Exact versions of software running on devices

In terms of 1b - If users dont have local admin authority, is there still a need to audit what software has crept onto their machines

What tools would you recommend can cover the above?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
ID: 37725310
Is there a way to see this information from Active Directory?
No, AD doesn't store this information.

But, you can do all of the above with system management tools like SCCM, Altiris, Radia, etc
But none of them are free.

There are free tools though are none enterprise tools and need to be run against local machines.

All of these software requires that you baseline your infrastructure first, then report on deviance's afterwards.

Your actions would be to:
1. Get the tool,
2. Deploy the tool for inventory gathering
3. Run scheduled scans and report on additions.

I think the biggest challenge you will have is that you currently don't have any control on your network. So creating a baseline for all systems wouldn't be possible, you'd have to baseline per machine.

You'll notice a common thread in my post about standardizing and getting control over your network by putting in the correct processes and procedures. Only THEN will you be able to effective manage your network and pass your PCI compliance.

Often when people learn that they will be audited they go into a flat panic and want to fix each item that broken....I've seen people pull out their hair over not getting things done before AUDIT. STOP!

You can get through audits, but recording where your problems and as long as you can mitigate the risk then you're fine, until the next audit.
Risk mitigation is as simple as telling them why it's broken, how you intend to fix it and by when you'll fix it.

If you have a decent auditor then he/she will followup on your dates.
This not a plan to NOT do the work, but by showing them that you're planning to fix it you can give yourself some time to breath and fix it properly...not just patch the hole each time.

Ultimately you want to get to a managed network.
That way, once you're compliant, you shouldn't need to spend 4 months getting ready for audit..because you've got the right procedure in place to extract the required information.
0
 
LVL 3

Author Comment

by:pma111
ID: 37751357
Thanks
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question