You can simplify and streamline your patch management and security update process, and clean up system tracks with this month’s tools.
As recent headlines attest, if your machines aren’t patched and up-to-date, you’re vulnerable and open to attack. The extent of this can be anything from a mild nuisance to full data security breach with significant loss. Keeping your machines up-to-date can be a headache, however, without an effective patch management and deployment tool.
Corporate Software Inspector (CSI) from Secunia can help ease the process. CSI scans your machines with or without agents, correlates the data it gathers with a repository of application data, and determines if any of those systems are missing patches or service packs, or are at end of life. You don’t even have to leave your desk. With each notification, you also get a criticality rating that helps you determine the risk level of each unpatched or outdated application. Once you’ve determined what you want to patch, CSI can repackage and publish patches directly to your Microsoft Windows Server Update Services (WSUS) server. From there you can approve and manage distribution and track deployment status.
As with most scanning utilities, CSI can operate with installed agents or can be agent-less via standard Windows networking services. Installed agents give you the flexibility of being able to support varied network topologies and scan systems that aren’t always online. If you prefer to run agent-less, but you have multiple network segments, you can also run CSI in an “appliance” mode. You scan from a central host on each segment and report back to the main installation. You can also run scans via the command line, and schedule and automatically scan hosts.
If you have a straightforward network topology and Windows domain structure, getting started is simple. Install the application and scan the network. You’ll get a report showing you security “score” percentages along with tallies of insecure, end-of-life and patched applications. The reports can drill down to individual systems as well.
When you encounter an insecure application, click on the Secunia Advisory ID (SAID) within the detail view. This will take you to the Secunia Web site, where you’ll see a detailed view of the security issues, including the criticality rating, affected OSes, details on the vulnerabilities, references, and solutions for patching or configuring the system to remedy the situation.
The CSI interface is broken up into the standard left pane for navigation and right pane for details. The navigation pane is split into self-explanatory areas including Scanning, Results, Reports, Patch, Configuration and Support. CSI keeps a record of all scans, results and patches. Over time, you’ll have some valuable trending information and useful reports on your organization’s status and application activities. This is helpful not only for ongoing security efforts, but also for software audits, budgeting and forecasting.
You can schedule scans and reports and send the results via SMTP to one or more e-mail addresses. Report types include an executive summary showing current vulnerability and patch management state, an administrative report for compliance or auditing, a host-level report with system details, and a program report showing patch status for a particular application across your network.
Secunia CSI is priced by the number of hosts, and starts at $2,900 per year for the Small Business edition. This is limited to fewer than 100 hosts. The Professional and Enterprise editions can integrate directly with Microsoft System Center Configuration Manager. There’s also a free trial of Secunia CSI available for download from the product Web site after registration.
Patch management is a critical component of a secure and successful network. If you’re looking to shore up your environment, consider evaluating Secunia CSI as your next layer of protection.
When you’re creating system images or repurposing machines to other users, it’s a good idea to ensure that you’ve cleaned up the “fingerprints” left behind by your configuration steps or by the previous user’s day-to-day activities. Another reason to trim down and clean up a system is to reduce the amount of time spent backing up the resource. Disk space may be cheap, but time is precious. And, of course, cleaning up those tracks also helps you maintain a bit more of your privacy as well.
One tool that can help keep your disks clean and closer to being “fingerprint free” is the open source and community-supported BleachBit. This is a simple but effective tool for both Linux and Windows systems. On Windows, it’s available in both installable and portable formats. You can either keep it as an installed application or add it your PortableApps or similar USB utility key and bring it with you from desktop to desktop.
Besides the primary GUI, you can also run BleachBit from the command-line. This is great for automation and scripting images, pre-backup activities, system logoff routines and the like. To start the “bleaching of the bits” on your system, launch the application, check off the boxes for the cleaning types you’d like to do, and click Delete. There’s also a Preview button that gives you a list of the items to be deleted before you delete them if you so choose.
BleachBit can clean more than 90 applications, including the standards like Microsoft Office, Adobe Flash Player, Adobe Reader, Java, Windows Explorer and other browsers. The latest version of BleachBit for Windows also lets you choose to download and automatically import winapp2.ini cleaner files. This will give you more than 500 additional “cleaners.”
When you run BleachBit, it shows you the cleaners applicable to your system, so you won’t be overrun with cleaning options. Click on the application header to see a detailed pane describing what each subcomponent will clean. For example, the Windows Explorer group has subcomponents for wiping most recently used lists, recent document lists, the run history, the search history and thumbnail caches. Besides deleting the files, you can also have BleachBit overwrite files to hide the contents.
You can set up a whitelist of various files and folders to ensure they don’t get deleted. There’s also an integrated shredding tool that will overwrite files and folders directly to obliterate their remnants. There’s also a “wipe” tool that will overwrite free space on your drives with a pattern to further clean up your tracks.
So, if you’re creating system images, looking to take back some disk space, repurposing a machine or just want to clean up your system, take a look at the free, open source and portable BleachBit utility. It’s a helpful addition to your toolbox.
Greg Steenis a technology professional, entrepreneur and enthusiast. He’s always on the hunt for new tools to help make operations, QA and development easier for the IT professional.