Software keeps eye on security settings

February 5, 2001 —

Configuration management isn't sexy, but it sure is sweet for IT executives who realize that consistency of network settings helps ease their security concerns.

Configuresoft hopes to deliver that message with Enterprise Configuration Management (ECM) 3.5 software, which provides security management and alerting features. The package now provides companywide views of security configuration settings so administrators can track inconsistencies in their networks that may cause security problems.

"We wrestle with keeping our servers cookie cutter, meaning they are all the same," says Scott Srager, manager of Windows NT systems for insurance provider Chubb & Son. "We hope that the new security features will make it easier to administer our audit trails for security on our servers."

Chubb has nearly 500 servers located throughout its U.S. and Canadian offices. Srager also says the new Web-based interface of Version 3.5 should make it easier to deploy the ECM console, which has been a challenge in the past.

The Web console is another key feature of ECM 3.5, as is the Windows 9X Migrator, which evaluates whether desktop hardware and software on Windows 95 and 98 machines is compatible with an upgrade to Windows 2000.

Configuresoft is but one vendor trying to make inroads with security configuration software. BindView earlier this month unveiled bv-Control 7.0, which features a centralized console that integrates nine products into one Web-based management interface. The software allows for security assessments, audits and administration across Windows, NetWare, Unix and other platforms.

Cross-platform support is an area where Configuresoft needs to improve.

"That is one direction that they have to move," says Jeb Bolding, an analyst for research firm Enterprise Management Associates. But Bolding says the new security features are a step in the right direction. "Having a snapshot of the configuration of your desktop and servers gives you a good place from which to manage security weaknesses."

Configuresoft works by placing a Distributed Common Object Model-based agent on each desktop or server in the network. The ECM Collector, which runs on Win 2000 and NT, collates data collected from the agents.

"We can collect between 25,000 and 40,000 settings per machine," says Alex Goldstein, CEO of Configuresoft. "We let you see what configuration settings you have and compare it against what you want."

The security features let companies audit such things as share permissions, passwords, administrative accounts, group memberships and trust relationships. The software sends automatic alerts when security settings are modified and creates logs of historical data on each machine. It also can provide distribution tasks such as installing hotfixes.

ECM 3.5 is available now and is priced at $775 per server and $30 per workstation.

Configuresoft: www.configuresoft.com

Network World