- SekChek Classic
Infobox Software
name = SekChek
caption =
developer = SekChek IPS
latest_release_version = V5.0.0
latest_release_date =07 May 2008
operating_system = Windows,OS/400 ,UNIX ,Netware
operating_system_desc =
size = 4.3MB
genre =Computer Security andAudit
license = Proprietary
website = [http://www.sekchek.com SekChek.com]SekChek Classic comprises a set of automated computer security analysis and benchmarking tools for non-mainframe platforms. The set of tools was developed by SekChek IPS and released in 1996. The product analyses the effectiveness of security controls on host systems supporting organisations’ applications and produces reports highlighting strengths, weaknesses, and recommended corrective actions, relating to security controls on a host or domain. The reports are offered in user selectable formats, including
Microsoft Word , Excel and Access. The product comprises four security analysis modules: "Windows", "AS400", "UNIX" and "Netware" as well as "SekCrypt", a symmetric encryption/decryption module.upported platforms and technologies
Operating systems:
*Microsoft platforms: Windows NT4, 2000, 2003, XP, Vista, 2008
*UNIX Platforms:HP-UX (including C2/TCB),AIX , SUN/Solaris,OSF1 ,DG-UX , SCO,AIX ,UnixWare ,Dynix ,BSD , OSF, HI-UX,Nokia IPSO ,Linux
*Netware Platforms: Netware 4.x, 5.x, 6.x
*AS400 platforms:iSeries (V2R3 to V5R4)Encryption technologies
*PKI (
public key cryptography ),RC2 ,RC4 ,DES ,3DES ,AES ,RSA , S/MIME, TLS/SSL (Transport Layer Security /Secure Sockets Layer ).Microsoft Office versions:
*Office 97, Office 2000, Office XP, Office 2003, Office 2007
Features
The extraction tools retrieve
security policies , control settings and values from the enterprise’s hostoperating system . The security settings and values are benchmarked against data points contained in a statistics database and mapped against various industry types,geography , operating platform and number of system accounts. The statistics database contains over 25 million anonymous security measures retrieved from over 50,000 analyzed systems. The reports are offered in Microsoft Word, Excel and Access and contain technical and high level summaries. The developers of the software designed the reports to assist IT and Audit professionals determine the effectiveness of host security and provide formal evidence of auditing for inclusion in working papers.The Windows, AS400, UNIX and Netware extract tools extract control data regarding security policies and objects defined on the target host. The product analyses the host’s details, User and Group accounts, Group memberships, Account Rights, Administrative privileges, Security policies, Security properties, Services, Audit Events, Network Shares, Disks and Host Properties.
The SekCrypt utility is a symmetric encryption tool that can encrypt and decrypt files using encryption algorithms: RC2, RC4, DES, 3DES, AES (Rijndael).
The FileSplitter tool facilitates the splitting and re-joining of large file into a collection of smaller files. The output file size can be controlled, and can range from 10,000
bytes (10 KB) to 10,000,000 bytes (10 MB). The default size is 1,450,000 bytes.Distinctive characteristics
*The server extract tools do not have an installation procedure.
*The extraction products do not depend on agent software.
*Data is encrypted with PKI prior to submission for report processing.Criticism
Clients, with company policies against exporting sensitive corporate data, were concerned about using SekChek Classic. Some of these concerns were dissipated with the development of the SekChek Local tool – a product utilized for on-site assessment of Windows systems.
References
* [http://www.clickpress.com/releases/Detailed/38496005cp.shtml ClickPress - Unique Security Assessment Tools]
* [http://www.networkworld.com/newsletters/nt/2006/0508nt1.html Script Logic]
* [http://www.sekchek.com/SekChekcomparelocalclassic.htm Compare Classic Software]
* [http://www.earthtimes.org/articles/show/computer-security-evaluator-sekchek-announces-brand-new-product-for-on-site,317272.shtml Earth Times - On-Site Security Assessments]
* [http://www.darkreading.com/document.asp?doc_id=96430 Jennifer Bosavage - New Service Seeks Out Security Gaps - Techweb]
* [http://www.itsecurity.com/security.htm?s=17825 Independent Reality Check of OS Security - ITSecurity]External links
* [http://www.sekchek.com SekChek Home Page]
* [http://www.sekchek.com/SekChekclassicsw.htm SekChek Classic]
* [http://www.sekchek.com/downloads/Sek500.exe SekChek Classic Download]
Wikimedia Foundation. 2010.