February 4, 2012 BlogTalk Radio Show Transcript
To listen: http://www.blogtalkradio.com/vashtihorvat/2012/02/04/using-dumpsec
Good Morning and Good Afternoon. This is Vashti Horvat and I want to welcome you to today’s Technology show on “Using DumpSec.”
The call-in number for today’s show is: 1-323-784-9715.
Today I will share with you a few tips on how and when to use DumpSec.
DumpSec (spelled D-u-m-p-S-e-c) is a security auditing tool for Microsoft Windows® NT/XP/2000 series (such as 2003, 2005, 2007). This tool is used by IT professionals and IT Auditors.
Basically, the tool dumps the permissions (a.k.a. DACL) and audit settings (a.k.a. SACL) for the file system, registry, printers and shares in a concise, readable format, so that holes in system security are readily apparent.
DumpSec also captures user, group, and replication information. The advantages of using DumpSec include receiving a current, full (or 100%) population that represents a point-in-time. And, the tool is FREE!
As an auditor, I frequently request a DumpSec report from the company’s IT team, to provide data for analysis. Specifically, I focus on data related to user account parameters for all account types (human and non-human).
Analysis includes understanding the following:
# 1 – Which accounts have been enabled or disabled. As soon as you identify accounts that are disabled, they should be removed or hidden from your population. No further analysis is necessary.
# 2 – Which accounts have passwords that do not expire. Based on the IT Security Policy, user account passwords should be set to expire every 60 to 90 days. If you identify accounts with passwords that do not expire, consult with your IT contact to verify that each and every account is a non-human (system account).
# 3 – The tool allows you to quickly identify duplicate accounts by user, guest accounts, and student accounts.
There are many more uses for this tool. Would you like to learn more? Then go to the URL http://www.systemtools.com/somarsoft
Note: I am not a spokesperson or representative of Microsoft, and this radio segment is intended to educate IT and IT Audit professionals on a tool that I have found very useful.
Well that’s all for today and I would like to thank you for your time.
Please tune in next week for my topic on Skillset of an Auditor – Staying Current in a Changing World.
Until next time – Goodbye.
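
The three analysis steps described in the show, as an added example that is not part of the original broadcast: a short Python script that triages a DumpSec user report exported as CSV. The column names (UserName, FullName, AcctDisabled, PswdExpires), the Yes/No values, the guest/student naming convention and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a DumpSec user report saved as CSV. Column names and
# Yes/No values are assumptions; match them to the header row of your export.
SAMPLE_REPORT = """UserName,FullName,AcctDisabled,PswdExpires
jsmith,John Smith,No,Yes
jsmith2,John Smith,No,Yes
svc_backup,Backup Service,No,No
mlee,Mary Lee,No,No
Guest,,Yes,No
student01,Student Lab 1,No,Yes
oldtemp,John Smith,Yes,No
"""


def is_yes(value):
    """Normalize the report's yes/no style flags to a boolean."""
    return value.strip().lower() in ("yes", "true", "1")


def review_accounts(report_text):
    rows = list(csv.DictReader(io.StringIO(report_text)))
    # Step 1: disabled accounts leave the population; no further analysis.
    active = [r for r in rows if not is_yes(r["AcctDisabled"])]
    # Step 2: enabled accounts whose password never expires. Each one must be
    # confirmed with the IT contact as a non-human (system) account.
    non_expiring = sorted(
        r["UserName"] for r in active if not is_yes(r["PswdExpires"]))
    # Step 3: more than one enabled account for the same full name.
    by_name = defaultdict(list)
    for r in active:
        name = r["FullName"].strip().lower()
        if name:
            by_name[name].append(r["UserName"])
    duplicates = {n: sorted(u) for n, u in by_name.items() if len(u) > 1}
    # Step 3: guest and student accounts, found by an assumed naming prefix.
    generic = sorted(r["UserName"] for r in active
                     if r["UserName"].lower().startswith(("guest", "student")))
    return {"active": len(active), "non_expiring": non_expiring,
            "duplicates": duplicates, "generic": generic}


if __name__ == "__main__":
    for finding, value in review_accounts(SAMPLE_REPORT).items():
        print(finding, value)
```
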