Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Case Study: Network auditing on a shoestring

Using Perl to document shares and file access.

Article comments

What do you do when the auditors are breathing down your neck, wanting to see an exhaustive report on the Windows network security of a 2000-user network across eight sites? That's easy. Break out a text editor and start writing some Perl.

That's what my colleague Matt Prigge and I did when we were tasked with locating every share available on a network and documenting who had access to their files. At first blush, it was a Herculean effort. When we started coding and the pieces began to fall into place, however, it became much simpler.

The first order of business was determining how the data would be stored. We opted to place everything in a MySQL database running on a Linux server, with all back-end code running on a Windows 2003 Server with ActivePerl - because the polling processes required the Win32 Perl APIs. The reporting and searching front end would be written in PHP (PHP: Hypertext Preprocessor) and run on another Linux server. Because the common ground was MySQL, this presented the easiest path.

The polling process first searched Active Directory for the list of Computer records. When these had been found, it used a Domain Admin account to inspect the relevant registry keys on every computer in the domain and search for open file shares. If any shares were found, the poller would walk the file share with Administrator privileges to determine the size of the share and catalogue the permissions on every folder to a depth of six directory levels.

The scripts would then insert all the data found for each share into the MySQL database, keyed on the machine name. Very quickly, the database grew very large, as it was inspecting not only known server shares but even shares on workstations that IT may not ever have known existed.

The polling process took several hours to complete every time it ran, so this process became a daily event, starting at 9am, when most workstations in the network were powered on and available via the network. The process located hundreds of shares and logged thousands of folders, files, and user access rights into the database.

To present this information in a relatively simple way, we wrote a PHP-based Web front end that allowed an administrator to search the database with a domain username, a computer name, a share name, or a folder name. Searching the database with a username or a Windows security group name would list every share that the user or group had access to, sorted by computer name. Additionally, the admin could drill down six levels deep in every share to find individual user permissions on specific folders in each share. The database was updated daily, so the information was always current, although time constraints eliminated the possibility of capturing historical data for later perusal.

To top it all off, the same PHP front end made possible a full dump of all share data, using CSS to present the entire database in a printable format. When the auditors came calling, we were able to present them with a stack of paper 3 inches thick, containing information about every share available on every computer in the network, cross-referenced with a list of every security group and every user in the organisation. If they needed to spot-check the data, the Web front end was ready and waiting. Needless to say, although we were fairly sure they didn't actually grasp what they were seeing, the auditor's report gave top marks to the IT department, and the IT director bought three rounds that night.


Share:

More from Techworld

More relevant IT news

Comments




Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *