Parsing Local Windows Groups

James Tarala | Baselining, Scripting, Windows Auditing

One step that has become a staple part of any audit of Microsoft Windows systems is a listing of all the local groups on the system. Listing all the groups on a system with all the members of that group can help establish a baseline for the security configuration of a system. Certainly groups like the local Administrators group is … Read More

Continuous Monitoring with PowerShell

James Tarala | Windows Auditing

Welcome back from the holidays! I imagine many of you are just returning from the holidays and are ready to get started on those New Year’s resolutions. If one of them was to implement continuous monitoring or learn more about scripting, do I have a treat for you! Now that I’m back from some holiday travel myself, I think it’s time … Read More

Scripting Automation for Continuous Auditing

James Tarala | Auditing

One of the topics that we have been discussing with organizations a great deal lately is the idea of automation in regards to continuous auditing. Said a different way, the standard audit model involves auditors making a list of audit scopes that they want to cover in the course of a year. Then, one at a time, the auditor interviews … Read More

Parsing Lynis Audit Reports

James Tarala | Unix Auditing

Last week we passed along some information on a Unix audit tool called Lynis, maintained by Michael Boelen (http://www.rootkit.nl/projects/lynis.html). The value of this tool is that it is an open script that auditors can give to system administrators to run on their Unix servers in order to assess specific technical security controls on the system. If an auditor chose to … Read More

Unix Auditing with Lynis

James Tarala | Unix Auditing

One of the questions I often get asked in our audit classes is how to automate data collection from systems in a way that system administrators will trust. The problem is that there are a number of tools available for doing data collection, but oftentimes those tools are compiled with no easy way to do code review on … Read More

New SANS Audit Course (407) Live

James Tarala | Assurance

The rumors are true, there is a new SANS audit class on the SANS courseware bookshelf. The course is Audit 407 – Foundations of Information Systems Audit. It’s a prequel to the SANS Audit 507 course and is meant to prepare auditors with the baseline of knowledge necessary to take them from being just a security professional to being an … Read More

Script for Network Adapter Configuration Baselines

James Tarala | Assurance

So far in this series of blog articles we have identified a number of different baseline scripts written in PowerShell. We hope that auditors and others will be able to take these scripts, modify them for their own purposes and use them for baselining the systems that they are evaluating. This week we found ourselves in the position of … Read More

Script for Network Share Baselines

James Tarala | Assurance

Today we’re going to continue blogging about scripts that we can use to create system baselines. (For a primer on why you might want to consider performing a system baseline or for a process for performing system baselines, check out our previous blog entries here.) As we discussed earlier as well, we are going to rely primarily on PowerShell to … Read More

Script for Locally Installed Software Baselines

James Tarala | Assurance

Today we’re going to continue blogging about scripts that we can use to create system baselines. (For a primer on why you might want to consider performing a system baseline or for a process for performing system baselines, check out our previous blog entries here.) As we discussed earlier as well, we are going to rely primarily on PowerShell to … Read More

Script for Local User and Group Baselines

James Tarala | Assurance

In keeping with my New Year’s resolutions, I want to continue posting information on how an auditor might take advantage of baselines when performing an Information System (IS) audit. Certainly I hope system administrators will be able to take advantage of this information as well when performing their own Control Self Assessments (CSAs). For a primer on why you might … Read More