Written by Thomas Koetzing on Wednesday, 14 June 2006
Some months ago AppSense released a freeware program called “Security Analyzer”. The purpose of this tool is to analyze the system environment for potential security risks. It runs tests for “Launch regedit.exe”, “Open a command prompt”, “Run a .vbs file”, “Obtain Network information”, “Internet – Download and Execute” and “Internet – Download, Rename and execute”. Whenever the Security Analyzer finds a security issue, it tells you that it can be blocked using the AppSense “Application Manager” product.
What the Analyzer does not tell you is that you can block the same security problems using standard Microsoft Group Policies. Actually, it takes just five (5) GPOs to be AppSense “Security Analyzer” compliant!
This article describes which Group Policies are needed to be AppSense “Security Analyzer” compliant.
Security Analyzer Checklist
The following tables show AppSense's statements about certain security risks, each followed by the related Microsoft policy that prevents the issue. Note that some of the GPOs are specific to your environment and need to be customized. You will certainly need additional Group Policies to enhance the security of your system or desktop.
AppSense
Obtain network information
This test runs IPconfig.exe, hostname, route and netstat. This illustrates the user's ability to obtain significant information about the network setup of their own PC.
Microsoft Group Policy Prevention
User Configuration/Administrative Templates/System
Run only allowed Windows applications: App1.exe, App2.exe, App3.exe
NOTE: Make sure you find ALL applications that a user needs.
AppSense
Open a command prompt
This test will attempt to open the command prompt from the desktop.
Risk: This allows users to gain access to low level utilities which could be used to compromise the system.
Microsoft Group Policy Prevention
User Configuration/Administrative Templates/System
Prevent access to the command prompt
NOTE: Don't disable script processing, since you might have a bunch of them running during logon/logoff.
AppSense
Run a .vbs file
This test will attempt to create and execute a .vbs file (script) on your system. This file is a script that could potentially be used to cause damage to your computer or propagate a virus. In this case the script is harmless.
Risk: A user could run VBS files, which are commonly used for malicious purposes such as viruses.
Microsoft Group Policy Prevention
User Configuration/Windows Settings/Security Settings/Software Restriction Policies/Additional Rules/Path Rules
\\FileServer\FileShare\%UserName%
%TEMP%
NOTE: The %TEMP% rule blocks program execution in the user's TEMP folder. Make sure you use the UNC path for home drives etc. (%UserName% is optional).
AppSense
There are a number of other security-oriented tests that can be run, either sequentially or on an individual basis depending upon your requirements.
Microsoft Group Policy Prevention
User Configuration/Administrative Templates/System
Prevent access to the registry editing tools
User Configuration/Administrative Templates/Windows Components/Windows Explorer
Hide these specified drives in My Computer: Enabled (optional)
Prevent access to drives from My Computer
And there are a huge number of other Microsoft Group Policies to enhance security!
NOTE: Don't disable regedit in silent mode if you apply .reg files during logon.
Microsoft Group Policy Management Console (GPMC)
Review the GPMC screenshot for all needed Group Policies. The Software Restriction Policies Enforcement setting is optional, but the local Administrator exception might be a good idea.
Check the Security Analyzer compliance
Run the Security Analyzer as a standard user to check whether your desktop is now secure.
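As a complement to the Security Analyzer run, the following PowerShell check (an added example, not part of the original article or of any AppSense tool) reads the per-user registry values behind the five policies and flags the two settings the NOTEs above warn about. The registry paths and value meanings are those of the standard Windows administrative templates and are assumptions not stated in the article; PowerShell 3.0 or later is assumed.

```powershell
# Added example. Run as the standard user the GPOs target; reads HKCU only.
$explorer = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
$system   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
$cmdKey   = 'HKCU:\Software\Policies\Microsoft\Windows\System'
$srpKey   = 'HKCU:\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths'

function Get-PolicyValue([string]$Path, [string]$Name) {
    # Returns nothing when the key or value is absent (policy not configured).
    $p = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { $p.$Name }
}
function New-Result([string]$Policy, [bool]$Applied, [string]$Detail) {
    [pscustomobject]@{ Policy = $Policy; Applied = $Applied; Detail = $Detail }
}

# 1. Run only allowed Windows applications: RestrictRun=1 plus a list subkey.
$allowed = @()
if (Test-Path "$explorer\RestrictRun") {
    $k = Get-Item "$explorer\RestrictRun"
    $allowed = @($k.GetValueNames() | ForEach-Object { $k.GetValue($_) })
}
$restrict = Get-PolicyValue $explorer 'RestrictRun'
New-Result 'Run only allowed Windows applications' `
    ($restrict -eq 1 -and $allowed.Count -gt 0) ($allowed -join ', ')

# 2. Prevent access to the command prompt: value 1 also blocks script processing.
$cmd = Get-PolicyValue $cmdKey 'DisableCMD'
if ($cmd -eq 1)     { $d = 'cmd.exe and script processing blocked (logon scripts fail)' }
elseif ($cmd -eq 2) { $d = 'cmd.exe blocked, script processing allowed' }
else                { $d = 'not configured' }
New-Result 'Prevent access to the command prompt' ($cmd -in 1, 2) $d

# 3. Prevent access to the registry editing tools: value 2 also blocks regedit /s.
$reg = Get-PolicyValue $system 'DisableRegistryTools'
if ($reg -eq 2)     { $d = 'regedit blocked, including silent mode (.reg imports fail)' }
elseif ($reg -eq 1) { $d = 'regedit blocked, silent mode allowed' }
else                { $d = 'not configured' }
New-Result 'Prevent access to the registry editing tools' ($reg -in 1, 2) $d

# 4. Software Restriction Policies: Disallowed (level 0) path rules, unexpanded.
$rules = @(Get-ChildItem $srpKey -ErrorAction SilentlyContinue |
    ForEach-Object { $_.GetValue('ItemData', $null, 'DoNotExpandEnvironmentNames') })
New-Result 'SRP path rules (Disallowed)' ($rules.Count -gt 0) ($rules -join '; ')

# 5. Hide / prevent access to drives: drive bitmask, bit 0 = A:, bit 2 = C:.
$hide = Get-PolicyValue $explorer 'NoDrives'
$view = Get-PolicyValue $explorer 'NoViewOnDrive'
New-Result 'Hide / prevent access to drives' ($hide -gt 0 -or $view -gt 0) `
    "NoDrives=$hide NoViewOnDrive=$view"
```

A row with Applied = False means the GPO has not reached that user's session; run `gpupdate /force` and log on again before re-checking.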
Summary
AppSense has some great (expensive) products and a nice utility to remind Administrators to protect their environment (desktop) against certain security threats. Microsoft has extended the Group Policies with each release of Windows to give Administrators the ability to secure the system. Only a few GPOs can make an environment much more secure, and the Security Analyzer can prove it. Check out Microsoft's security options and become familiar with Group Policies before thinking about buying third-party software.
Schose
Written by Gast on 2008-02-28 23:00:27
Link to "AppSense Security Analyzer" seems to be dead! I didn't find a new one...
AppSense Security Analyzer download
Written by thomas koetzing on 2008-02-29 12:05:42
Looks like AppSense has removed SA from their Web site. I have now changed the link to download the SA from my site.