Patch/Update Scanners aka Compliance Checkers
Particularly in the wake of the recent spate of Blaster worm infections—where network and system admins received advance warning of a looming vulnerability, along with patches to remedy that potential point of attack—it’s become painfully obvious that many systems either weren’t checked or were overlooked as such security patches were applied. Clearly what’s needed is an automated tool that can systematically schedule and make scans of systems on an ongoing basis.
Microsoft’s MS03-026 Scanning Tool (discussed in the preceding section) is a point instance of this kind of software, but other tools do the same kind of thing in a more general way. Microsoft’s own HFNetChk tool is also known as a Network Security Hotfix Checker and offers more general abilities along these lines (see http://www.microsoft.com/technet/security/tools/tools/hfnetchk.asp for more information). This tool has now been supplanted by Microsoft’s Security Baseline Analyzer (information and download available at http://www.microsoft.com/downloads/details.aspx?FamilyID=9a88e63b-92e3-4f97-80e7-8bc9ff836742&DisplayLang=en). Basically, the tool downloads a description of all current security updates, patches, and fixes, and can be directed to scan Windows system locally or across a network, to report on each system’s level of updates and security compliance.
The Shavlik Security Services Group actually built HFNetChk for Microsoft (www.shavlik.com) and they offer a professional version of the code (HFNetChkPro) to a broad range of commercial customers, and an even broader and more capable product called Enterprise Inspector that permits users to locate and manage security configurations across entire enterprise-class networks.
Other security vendors are beginning to offer similar security inspection and assessment tools security configuration deficiencies or apply missing patches or fixes as needed. I predict this will become a well-recognized category of system management, and that its use will be entirely routine in three years or less.