Sister CISA CISSP:

Tools for Auditing and Security


September 24, 2008  5:36 PM

FREE Tool – Changing Local Administrator Passwords On Your Domain



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, free tools, IT audit, Security, Tools & Tricks of the Trade, Tools for Auditing and Security

I just love VBS. And I love the folks that share their tools, AND give us a nice interface AND allow us to push a report to a .csv file. So a BIG thank-you should go out to Jeffrey Hicks, who has his own site, and a helpful

September 19, 2008  7:37 PM

Auditing MS SQL – Roles, and Why They Matter



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, Development, IT audit, Microsoft Windows, Security, SQL Server, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

SQL "Server" runs on top of MS Windows, and it has groups inside of it that are not seen on the Windows server or even the Windows Domain. That's why we have to check and make sure that inappropriate users don't have complete access to everything inside the database. Not everyone should be...


September 16, 2008  5:58 PM

FREE Tools for Auditing MS SQL Server



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, free tools, IT audit, Microsoft Windows, PCI DSS, Security, SOX, SQL Server, Steps to an Easy Audit, Tools for Auditing and Security

There's a lot of really nice application tools to audit SQL databases out there. They have lots of bells and whistles and write out a really nice report with professional formatting. If you've got one of those, LUCKY YOU. But most of us Admins and Auditors have to scrounge for what we can find...


September 12, 2008  2:14 PM

Inside the Database Server – MS SQL



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database, Database security, IT audit, Security, SQL Server, Tools for Auditing and Security

The first question to answer is: "Is the SQL system patched?" You or a DBA can confirm this inside Enterprise Manager (the software client that runs on SQL or from a remote installation of it) by right-clicking the primary database icon and selecting Properties. You can also run a query inside...


June 3, 2008  3:01 PM

Eigen’s 2008 InfoSecurity “Rules of Thumb”



Posted by: Arian Eigen Heald
Compliance, Eigen's Rules of Thumb, IT audit, Security, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

Rule #1 - You can pay now, or you can pay later, but if you choose to pay later, you will pay MORE. Rule #2 - You can outsource function, but you cannot outsource...



May 15, 2008  5:54 PM

Steps to an Easy Audit (3) – Compensating Controls



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Database security, IT audit, PCI DSS, Security, SOX, Steps to an Easy Audit, Tools & Tricks of the Trade, Tools for Auditing and Security

These two magic words should be in every network manager and system engineer's lexicon. It's your get-out-of-jail (not necessarily free) card with an IT Auditor. Every IT shop has an application, a device, a configuration that breaks good security rules and usually corporate policy, as well. ...


May 8, 2008  3:21 PM

Steps to an Easy Audit: Standardizing Patch Management



Posted by: Arian Eigen Heald
Compliance, IT audit, Security, Steps to an Easy Audit, Tools for Auditing and Security

Many of my clients ask me what is the best way to deal with applications and operating systems that need to be patched frequently (like Microsoft’s monthly “Patch Tuesday”). Industry best practices have emerged in some simple steps that can work in almost any size organization: 1. ...


April 29, 2008  2:07 PM

A YUMMY New (FREE) Tool for Looking at Packet Captures



Posted by: Arian Eigen Heald
Admins and Auditors, free tools, Networking, Security, Tools & Tricks of the Trade, Tools for Auditing and Security

I don't know about you, but looking at packet captures is right up there with looking at Cisco PIX firewall configuration files. Nonetheless, it's part of my job, on occasion, and although I enjoy the "capturing" part, the "looking through it" part tends to make my eyes cross. So, a nifty new...


April 22, 2008  6:09 PM

Using Your IDS as a Boat Anchor



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT audit, Security, TCM (Truly Clueless Management), Tearing My Hair Out, Tools for Auditing and Security

Setting up your Intrusion Detection System to send you email alerts designed by the consultants who put it in and thinking you are secure is the equivalent of wrapping a chain around the server and tossing it in when you go fishing. It will do just as much, if not more good in the lake as it will...


April 9, 2008  3:13 AM

Time for an “Auditor” Admin-level ID or the End of Auditor Shoulder-Surfing



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, IT audit, Security, Tools for Auditing and Security

One of the biggest time wasters I experience during an IT audit is having to ask an administrator to: a. Run tools/scripts for me in order to access information b. "Shoulder-surfing" with an admin in order to collect information/screen shots. It's a waste of my time, since I know where to go...

