Summary: SecurityExpressions WebScan Free Edition is a free tool for assessing how well computers comply with industry-standard security hardening policies and guidelines. URL: http://www.securityexpressions.com/webscan Hardnening policies to choose from: - Microsoft Security Guidelines for Windows NT - National Security Administration (NSA) Guidelines for Windows 2000 - Hotfixes for Windows, Outlook, IIS, Internet Explorer and other Microsoft Products - Others to be added over time Examples of misconfigurations uncovered: - Incorrect registry permissions - Lax file/directory permissions - Unneeded services - Lenient user rights - Missing hotfixes Requirements: - Windows NT 4.0 or higher - Internet Explorer 5 or higher - Administrator account How it works: - Visit http://www.securityexpressions.com/webscan - Select the policy - Click "Begin Scan" - IE will download the WebScan ActiveX object - The ActiveX object will scan your local computer - Output will be displayed in IE Security implications of running WebScan: - WebScan runs only on the local machine so that no sensitive information is sent through the Internet. - WebScan does not require any registration or other type of user identification. - WebScan provides an option that, if checked, sends back the results of the scan so that we can collect aggregate statistics. These statistics help us to improve the product. The technology: - WebScan is based on our SecurityExpressions product that is used by organizations to ensure that their systems comply with custom policies. - WebScan uses only documented, standard Windows API. - A commercial version interfaces directly with SecurtyExpressions and allows fixing of any problems discovered
This archive was generated by hypermail 2b30 : Tue Apr 30 2002 - 07:31:58 PDT