When doing a security assessment for a large organization, you need to collect a multitude of information for a proper assessment.
One of the essential elements in a network assessment is systems inventory. While most security personnel would use a port scanner to scan the full IP range of the organization, when analyzing a windows environment there is another tool that should be used in coordination with a port scanner.
When scanning a Windows environment, a WMI (Windows Management Instrumentation) scanner is a valuable assistant. The tool that i'm using is WMI Asset Logger. The tool is deliver by John J Thomas and is freeware.
The WMI Asset Logger will just require a domain admin username and password, it will query the domain for registered computers or ask for a target computer. Then it will query each computer to give you a nice overview of current computer status on the network.
The results are presented in the GUI, an example presented below.
Ofcourse, one can always comment - what are the benefits of using a WMI scanner?
- Verify inventory delivered by the IT personnel - with WMI AssetLogger you can create a rapid report with which you can compare the report delivered by IT and verify their formal statement.
- Make rapid checkup of installed OS versions and Service Pack - Quite often, your first priority is verification of installed OS consistency. With WMI you get a birds-eye view of installed OS of all windows machines
- Create a relevant inventory for comparison on subsequent controls - the report is easily exportable into XLS or Tab delimited file, so it's easy to load results into a database for comparison of subsequent scans (monthly or quarterly)
- Find primary targets for deep inspection - Based on simple rules and pairing with the results of a port scanner, you can find interesting targets for deeper analysis
Talkback and comments are most welcome
TrueCrypt Full Disk Encryption Review
Creating Your Own Web Server