Here are some links to software/articles that will help you audit your Windows server(s):
Software:
- MS Baseline Security Analyzer
- Security audit/scanner
- NESSUS
- nmap Security Scanner
- Framework for Auditing
- Exploits for Testing
Articles:
– Suramya
Below is some software that lets you securely delete data from disks. All of these tools are pretty efficient and make it difficult for someone to recover the data. However, keep in mind that no data is 100% unrecoverable to those who have sufficient time and money.
So if you have some really sensitive data that you have to destroy, look into purchasing a furnace, melt the disks down, and then destroy the remains.
Software for Data Wiping:
DBAN:
Darik’s Boot and Nuke (’DBAN’) is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
It’s a bootable floppy image that sterilizes IDE hard disks on x86 machines.
BCWipe software is designed to securely delete files from disks and other media
The utilities on this page allow you to destructively wipe/delete/erase a file, a disk (floppy disks, hard disks, etc), or a partition.
Active@ KillDisk is a powerful and compact DOS software that allows you to destroy all data on hard and floppy drives completely, excluding any possibility of future recovery of deleted files and folders.
Eraser is a powerful system security utility developed on the basis of advanced studies and research.
Programs to monitor the log files for multiple computers running Windows 2000/XP/NT/2003:
GFI LANguard S.E.L.M. can analyze application, system and other event logs. You can back up and clear event logs on all remote machines in your network automatically; and view, report and filter events network-wide, instead of just per machine. GFI LANguard S.E.L.M. collects all events in one central database, making it easy to create network-wide reports and custom filters. Using the custom rules, you can create your own event alerts based on event ID, condition and event contents.
syslog-ng provides a centralised, securely stored log of all devices on your network, whatever platform they run on. syslog-ng also incorporates a host of powerful features, including filtering based on message content, as well as customisable data mining and analysis capabilities.
Kiwi Syslog Daemon is a freeware Syslog Daemon for Windows. It receives, filters, logs, displays and forwards Syslog messages and SNMP traps from hosts such as routers, switches, Unix hosts and any other syslog enabled device.
A site dedicated to pulling together a repository of useful information on log analysis for computer security.
Implementing Central Logging Server
This document attempts to provide a practical guide for implementing a centralized syslog server at an enterprise level. The document includes details on porting cross-platform logs to a central syslog server, porting messages to a database, and real-time viewing and querying of the logs.
Update (12th May 2005):
Log parser is a powerful, versatile tool that provides universal query access to text-based data such as log files, XML files and CSV files, as well as key data sources on the Windows® operating system such as the Event Log, the Registry, the file system, and Active Directory®.
SecurityFocus has a good article explaining how to use Log Parser.