[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Reporting tool for active directory and NTFS security auditing

Posted on 2014-02-25
2
Medium Priority
?
642 Views
Last Modified: 2014-09-03
I'm looking for an all-in-one tool that can report on our Active Directory and NTFS structure from a security standpoint. The organization I work for is preparing to be audited by HIPAA and are looking for a paid solution that can help us get ready.
0
Comment
Question by:kj_syence
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 43

Accepted Solution

by:
Adam Brown earned 2000 total points
ID: 39886334
Nessus: http://www.tenable.com/products/nessus
Retina: http://www.beyondtrust.com/

Those are the two big vulnerability baseline programs that are available. They can go through your servers and check against a database of existing vulnerabilities so you can either address or document them for HIPAA. There are some other free tools you might want to use like DumpSec: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28373896.html which will export ACL and User information.

Those should give you enough to have the information you need to prepare for HIPAA. It should be noted, though, that HIPAA controls care more about encryption and data security than they do network vulnerabilities. Vulnerabilities are a part of it, but you'll get dinged a lot harder if you aren't ensuring encryption of PII data if it leaves your environment.
0

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

649 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question