Suvarna Garge (Editor)

SekChek Classic

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit
Developer(s)
  
SekChek IPS

Size
  
10.0MB

Stable release
  
V5.1.3 / 24 May 2016

License
  
Proprietary

Operating system
  
Windows, OS/400, UNIX, NetWare

Type
  
Computer Security and Audit

SekChek Classic comprises a set of automated computer security audit and benchmarking tools for non-mainframe platforms developed by SekChek IPS in 1996.

Contents

The product analyses the effectiveness of security controls on host systems supporting organisations’ applications and produces reports highlighting strengths, weaknesses, and recommended corrective actions, relating to security controls on a host or domain.

The reports are offered in user selectable formats, including Microsoft Word, Excel and Access. The product comprises four security analysis modules: Windows, AS400, UNIX and NetWare as well as SekCrypt, a symmetric encryption/decryption module.

Supported platforms and technologies

Operating systems:

  • Microsoft platforms: Windows NT4 to Windows 2012 R2, Active Directory, MS-Exchange
  • UNIX platforms: HP-UX (including C2/TCB), AIX, Solaris, OSF/1, DG/UX, OpenServer, UnixWare, DYNIX, BSD, HI-UX, Nokia IPSO, Linux
  • NetWare Platforms: NetWare 4.x, 5.x, 6.x
  • OS400 platforms: iSeries (V2R3 to V7R1)
  • Encryption technologies

  • PKI (public key cryptography), RC4, DES, Triple DES, AES, RSA, S/MIME, TLS/SSL (Transport Layer Security / Secure Sockets Layer).
  • Microsoft Office versions:

  • Office 2003 to Office 2010
  • Features

    The audit tools scan security policies, control settings and values from the enterprise’s host operating system. The security settings and values are benchmarked against data points contained in a statistics database and mapped against various industry types, geography, operating platform and number of system accounts.

    The statistics database contains over 30 million anonymous security measures retrieved from over 80,000 analyzed systems located in 140 countries. The reports are offered in Microsoft Word, Excel and Access and contain technical and high level summaries. The developers of the software designed the reports to assist IT and Audit professionals determine the effectiveness of host security and provide formal evidence of auditing for inclusion in working papers.

    The Windows, OS400, UNIX and NetWare tools scan a system for security policies and objects defined on the target host or domain. The product analyses the host’s details, User and Group accounts, Group memberships, Account Rights, Administrative privileges, Security policies, Security properties, Services, Audit Events, Network Shares, Disks and Host Properties.

    The SekCrypt utility is a symmetric encryption tool that can encrypt and decrypt files using encryption algorithms 3DES and AES (Rijndael).

    Distinctive characteristics

  • The server extract tools do not have an installation procedure.
  • The extraction products do not depend on agent software.
  • Data is encrypted with PKI prior to submission for report processing.
  • Includes embedded utilities: A PC Audit tool that performs a basic analysis of a client PC; Windows Firewall auditor; Encryption software; an Active Directory query tool; an Event Log query tool; a file hasher; SID resolver; Orphaned SID locator; and Ping.
  • Criticism

    Clients, with company policies against exporting sensitive corporate data, were concerned about using SekChek Classic. Some of these concerns were dissipated with the development of the SekChek Local tool – a product utilized for on-site assessment of Windows systems.

    References

    SekChek Classic Wikipedia