AppSense Security Analyzer compliance
Written by Thomas Koetzing at Wednesday, 14 June 2006


Some months ago AppSense released a freeware program called “Security Analyzer”. The purpose of this tool is to analyze the system environment for potential security risks. It runs tests for “Launch regedit.exe”, “Open a command prompt”, “Run a .vbs file”, “Obtain Network information”, “Internet – Download and Execute” and “Internet – Download, Rename and execute”. Whenever the Security Analyzer finds a security issue, it tells you that the issue can be blocked using the AppSense “Application Manager” product.



What the Analyzer does not tell you is that you can block the same security problems using standard Microsoft Group Policies. In fact, it takes just five (5) GPOs to be AppSense “Security Analyzer” compliant!


This article describes which Group Policies are needed to be AppSense “Security Analyzer” compliant.

Security Analyzer Checklist

The following tables show AppSense's statements about certain security risks, each followed by the related Microsoft policy that prevents the issue. Note that some of the GPOs are specific to your environment and need to be customized. You will certainly need additional Group Policies to further enhance the security of your system or desktop.

AppSense

Obtain network information
This test runs IPconfig.exe, hostname, route and netstat.
This illustrates the user's ability to obtain significant information about the network setup of their own PC.

Microsoft Group Policy Prevention

User Configuration/Administrative Templates/System
Run only allowed Windows applications
  App1.exe
  App2.exe
  App3.exe


NOTE: Make sure you find ALL applications that a user needs.

AppSense

Open a command prompt
This test will attempt to open the command prompt from the desktop.
Risk: This allows users to gain access to low level utilities which could be used to compromise the system.

Microsoft Group Policy Prevention
User Configuration/Administrative Templates/System
Prevent access to the command prompt

NOTE: Don't disable script processing, since you might have a bunch of them running during logon/logoff.

AppSense

Run a .vbs file
This test will attempt to create and execute a .vbs file (script) on your system. This file is a script that could potentially be used to cause damage to your computer or propagate a virus. In this case the script is harmless.

Risk: A user could run VBS files, which are commonly used for malicious purposes such as viruses.

Microsoft Group Policy Prevention

User Configuration/Windows Settings/Security Settings/Software Restriction Policies
/Additional Rules/Path Rules

\\FileServer\FileShare\%UserName%
%TEMP%


NOTE: %TEMP% blocks program execution in the user's TEMP folder. Make sure you use the UNC path for home drives etc. (%UserName% is optional).

AppSense
There are a number of other security-oriented tests that can be run, either sequentially or on an individual basis depending upon your requirements.
Microsoft Group Policy Prevention

User Configuration/Administrative Templates/System
Prevent access to the registry editing tools

User Configuration/Administrative Templates/Windows Components/Windows Explorer
Hide these specified drives in My Computer Enabled (optional)
Prevent access to drives from My Computer


And there is a huge number of other Microsoft Group Policies to enhance the security!

NOTE: Don't disable regedit in silent mode if you apply .reg files during logon.



Microsoft Group Policy Management Console (GPMC)

Review the GPMC screenshot for all needed Group Policies. The Software Restriction Policies Enforcement setting is optional, but the local Administrator exception might be a good idea.


[Image: GPMC screenshot]



Check the Security Analyzer compliance

Run the Security Analyzer as a standard user to check whether your desktop is now secure.
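
A read-back of the same settings from the registry, as an added example that is not part of the original article: it reports which of the policies above are in effect for the current user, including the two "NOTE" cases (script processing and silent regedit). The value names are the per-user locations where Windows stores these policies; Get-PolicyValue is a helper name chosen here, and powershell.exe is assumed to be launchable in the test user's session.

```powershell
# Added example, not from the original article. Run in the test user's session.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }   # key or value absent: policy not configured
    return $item.$Name
}

$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$cmdKey   = 'HKCU:\Software\Policies\Microsoft\Windows\System'
$srpKey   = 'HKCU:\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

# Run only allowed Windows applications: RestrictRun = 1 plus a subkey listing the EXEs.
$allowed = @()
if (Test-Path "$explorer\RestrictRun") {
    $key = Get-Item "$explorer\RestrictRun"
    $allowed = @($key.GetValueNames() | ForEach-Object { $key.GetValue($_) })
}

# Prevent access to the command prompt: 1 also disables script processing, 2 does not.
$cmd = Get-PolicyValue $cmdKey 'DisableCMD'
$cmdState = 'NOT blocked'
if ($cmd -eq 1) { $cmdState = 'blocked, script processing disabled too (check logon scripts)' }
if ($cmd -eq 2) { $cmdState = 'blocked, batch scripts still run' }

# Prevent access to the registry editing tools: 2 also blocks silent mode (regedit /s).
$reg = Get-PolicyValue $system 'DisableRegistryTools'
$regState = 'NOT blocked'
if ($reg -eq 1) { $regState = 'blocked, silent import of .reg files still works' }
if ($reg -eq 2) { $regState = 'blocked, silent mode blocked too (check logon .reg files)' }

# Software Restriction Policies: disallowed (level 0) path rules, shown unexpanded.
$rules = @()
if (Test-Path $srpKey) {
    $rules = @(Get-ChildItem $srpKey | ForEach-Object {
        $_.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames')
    })
}

[pscustomobject]@{
    RestrictRunEnabled  = (Get-PolicyValue $explorer 'RestrictRun') -eq 1
    AllowedApplications = $allowed -join ', '
    CommandPrompt       = $cmdState
    RegistryTools       = $regState
    NoDrivesMask        = Get-PolicyValue $explorer 'NoDrives'       # hide drives (bitmask)
    NoViewOnDriveMask   = Get-PolicyValue $explorer 'NoViewOnDrive'  # prevent access (bitmask)
    DisallowedPathRules = $rules -join '; '
} | Format-List
```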




Summary

AppSense has some great (expensive) products and a nice utility to remind administrators to protect their environment (desktop) against certain security threats.
Microsoft has extended Group Policies with each release of Windows to give administrators the ability to secure the system. Only a few GPOs can make an environment much more secure, and the Security Analyzer can prove it. Check out Microsoft's security options and become familiar with Group Policies before thinking about buying third-party software.






Comments


Schose
Written by Gast on 2008-02-28 23:00:27
Link to "AppSense Security Analyzer" seems to be dead! I didn't find a new one...


AppSense Security Analyzer download
Written by thomas koetzing on 2008-02-29 12:05:42
Looks like AppSense has removed SA from their Web site. I have now changed the link to download the SA from my site.

