Areas that you can consider auditing include access control (NTFS, permissions, etc.), data integrity, data security, physical access, and unprotected default accounts. Two products that perform such auditing are Intrusion Detection's KSA and Somarsoft's DumpAcl.
KSA produces a thorough set of reports based on a set of industry best practices. These reports help assess your network's security in six areas: password strength, access control, user account restrictions, system monitoring, data integrity, and data confidentiality. (Screen A shows KSA.) The product doesn't change your system settings but makes recommendations. This approach is by design: Better that you know about the problems and fix them than have software changing critical parameters without your involvement.
The software includes password cracking and evaluation of user privilege levels and can show the permissions assigned on NTFS volumes. You can customize the program to fit your company's policies, and it can keep a history of your audits. In addition to the NT version, a version is available for Novell networks, so administrators working in a mixed environment can secure the entire network.
DumpAcl audits the permissions on the resources in your network, including the local and shared permissions on files, printers, and the Registry. The program's reporting by exception reduces the volume of the report when most files have consistent permissions. Screen B shows a report by exception from DumpAcl. You can view the reports by user rather than by directory, as you see in Screen C, and display the account policies, as in Screen D.
Somarsoft produces a related utility, DumpEvt for NT. It dumps the Event Log in a format suitable for importing into a database.
DumpReg is another Somarsoft program for NT and Windows 95. It dumps Registry values into an easy-to-use listbox. DumpReg shows the time of a Registry entry's last modification and can sort by time, which makes finding recently modified Registry entries easy.
