Subject: | |
From: | |
Reply To: | |
Date: | Mon, 22 Jan 2007 10:26:33 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Max,
Registry keys are good, but you should also check for the running
process if you can.
As to your second question, there really isn't a good way to create
those rules without buying or demoing each product that you want to
support and testing it thoroughly.
Depending on the brand/version, it's possible someone here has
already built a rule for it that they would be willing to share.
Good luck,
Michael Grinnell
Network Security Administrator
The American University
On Jan 22, 2007, at 9:37 AM, Caines, Max wrote:
> Hi
>
> I'm new to CCA, so my apologies if this is a silly question. The
> security checking software we are moving from checked that Windows
> systems (>= 2000) had a personal firewall installed and enabled. I'd
> like to check this in CCA, but as there's no built-in rules for this,
> I'll need to construct some. The only way I can think to do it is to
> check Registry keys for installed software that either is or
> includes a
> firewall. However, my knowledge of this sort of software is not
> comprehensive, and I can't think of any practical way to find out the
> Registry keys created by a load of products I've never installed.
>
> Is what I'm doing feasible? Does anyone have any ideas that might
> help?
>
> Thanks
>
> ----------------------------------------
> Max Caines
> IT Services, University of Wolverhampton
> Wolverhampton, West Midlands WV1 1SB
> Tel: 01902 322245 Fax: 01902 322699
|
|
|