Solved

Unauthorised software and devices & asset mgmt

Posted on 2012-03-15
2
307 Views
Last Modified: 2012-03-22
A couple of questions:

1) Is there any way to audit in your AD:

1a) Non approved devices that have connected to your Network - and report immediately to an admin for investigation?

1b) Non approved software that has crept on to either one of your Servers or Workstations (do you create an approved list of allowed software)

1c) And major change to say a baseline workstation, such as opening ports, changing services, changing user perms etc

1d) Exact versions of software running on devices

In terms of 1b - If users dont have local admin authority, is there still a need to audit what software has crept onto their machines

What tools would you recommend can cover the above?
0
Comment
Question by:pma111
2 Comments
 
LVL 26

Accepted Solution

by:
Leon Fester earned 500 total points
Comment Utility
Is there a way to see this information from Active Directory?
No, AD doesn't store this information.

But, you can do all of the above with system management tools like SCCM, Altiris, Radia, etc
But none of them are free.

There are free tools though are none enterprise tools and need to be run against local machines.

All of these software requires that you baseline your infrastructure first, then report on deviance's afterwards.

Your actions would be to:
1. Get the tool,
2. Deploy the tool for inventory gathering
3. Run scheduled scans and report on additions.

I think the biggest challenge you will have is that you currently don't have any control on your network. So creating a baseline for all systems wouldn't be possible, you'd have to baseline per machine.

You'll notice a common thread in my post about standardizing and getting control over your network by putting in the correct processes and procedures. Only THEN will you be able to effective manage your network and pass your PCI compliance.

Often when people learn that they will be audited they go into a flat panic and want to fix each item that broken....I've seen people pull out their hair over not getting things done before AUDIT. STOP!

You can get through audits, but recording where your problems and as long as you can mitigate the risk then you're fine, until the next audit.
Risk mitigation is as simple as telling them why it's broken, how you intend to fix it and by when you'll fix it.

If you have a decent auditor then he/she will followup on your dates.
This not a plan to NOT do the work, but by showing them that you're planning to fix it you can give yourself some time to breath and fix it properly...not just patch the hole each time.

Ultimately you want to get to a managed network.
That way, once you're compliant, you shouldn't need to spend 4 months getting ready for audit..because you've got the right procedure in place to extract the required information.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Thanks
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

Suggested Solutions

This is an article about Leadership and accepting and adapting to new challenges. It focuses mostly on upgrading to Windows 10.
NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now