Solved

Reporting tool for active directory and NTFS security auditing

Posted on 2014-02-25
2
628 Views
Last Modified: 2014-09-03
I'm looking for an all-in-one tool that can report on our Active Directory and NTFS structure from a security standpoint. The organization I work for is preparing to be audited by HIPAA and are looking for a paid solution that can help us get ready.
0
Comment
Question by:kj_syence
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 41

Accepted Solution

by:
Adam Brown earned 500 total points
ID: 39886334
Nessus: http://www.tenable.com/products/nessus
Retina: http://www.beyondtrust.com/

Those are the two big vulnerability baseline programs that are available. They can go through your servers and check against a database of existing vulnerabilities so you can either address or document them for HIPAA. There are some other free tools you might want to use like DumpSec: http://www.experts-exchange.com/Software/Server_Software/Active_Directory/Q_28373896.html which will export ACL and User information.

Those should give you enough to have the information you need to prepare for HIPAA. It should be noted, though, that HIPAA controls care more about encryption and data security than they do network vulnerabilities. Vulnerabilities are a part of it, but you'll get dinged a lot harder if you aren't ensuring encryption of PII data if it leaves your environment.
0

Featured Post

Office 365 Training for IT Pros

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question