_gaq.push(['_setAccount', 'UA-35754314-2']); _gaq.push(['_setDomainName', 'securityeverafter.com']); _gaq.push(['_trackPageview']); Security Ever After: Control 2 - Inventory of Authorized and Unauthorized Software var _gaq = _gaq || []; (function() { var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true; ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js'; var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s); })();

Tuesday, May 17, 2011

Control 2 - Inventory of Authorized and Unauthorized Software

Control 2 focuses on knowing the software that is installed on workstations and servers throughout your organization. Like Control 1, this may seem overwhelming at first. However, once you have started to gain momentum, this one should not be difficult to maintain.

Start with an initial assessment from these tools to begin the process of realizing what software is installed. An immediate benefit is knowing what plugins such as Adobe Reader and Flash Player are out of date and need to be updated.

Ways to Implement this Control:

1 - Use the software inventory report in Kaspersky Anti Virus that lists each software package and version. This is a great way to leverage an existing tool to do something new. 

2 - Software Inventory Report in Microsoft SMS or Dell Kace (KBox) that listed each software package.

3 - For Linux hosts, the Splunk *NIX app has a standard report package Latest Packages by Host that can also be automated.

These reports are a good to send to junior team members. It will let them become involved in securing the network as they begin to gain understanding of what software should be installed and learning from you the proper response when something unexpected is found.

1 comment:

  1. I truly appreciate this post. I¡¦vet been looking all over for this! Thank goodness I found it on Bing. You have made my day! Thanks again

    online inventory software