Server Security

EventSentry Light enables system administrators to have eventlog messages sent by email. The free version allows you to specify one filter criteria, to limit notification to selected (or all) events, based on EventID, category and keywords. You have the choice of text or HTML emails, set time and day restrictions and more. An excellent tool for EventLog monitoring, the free version will do great for most small networks.

Hotfix Reporter is a free utility that works in conjunction with the Microsoft Network Security Hotfix Checker (HfNetChk) tool to scan your Windows NT 4 or Windows 2000 server for missing patches. HfNetChk scans your system for missing patches, but is a command line tool and displays the results in a raw, plain-text, unfriendly format. Hotfix Reporter converts the HfNetChk raw output into an HTML page, and displays Microsoft security bulletin numbers and knowledgebase article numbers as clickable links, making it easy to view the appropriate pages on the Microsoft web site, and immediately download the necessary patches. The result report is immediately displayed in your browser. In addition, Hotfix Reporter tells you if a new scan produced different results than the last time, making it easy to quickly tell if any new patches have been released; and displays the most patches first.

NTLast30 is a command line Security log analyzer. It is targeted at serious security and IIS administration. Scheduled review of your NT event logs is critical for your network, a server breach can be uncovered by regular system auditing and identifying and tracking who has gained access to your system, then documenting the details is made easy with NTLast. This tool is able to quickly report on the status of IIS users, as well as filter out web server logons from console logons. NTLast includes features like raw time output for Excel analysis and many more additional features for Webmasters. This tool is able to quickly report on the status of IIS users, as well as filter out web server logons from console logons.

SNScan is a SNMP detection utility that can quickly and accurately identify SNMP enabled devices on a network. This utility can effectively indicate devices that are potentially vulnerable to SNMP related security threats. The program allows for the scanning of SNMP specific ports (e.g. UDP 161, 193, 391 and 1993) and the use of standard (i.e. "public") and non-standard (i.e. user-defined) SNMP community names. User defined community names may be used to more effectively evaluate the presence of SNMP enabled devices in more complex networks. SNScan is intended for use by system and network administrators as a fast and reliable utility for information gathering. While not indicating whether SNMP enabled devices are vulnerable to specific threats, SNScan can quickly and accurately identify potential areas of exposure to SNMP related vulnerabilities.

SQL Server 2000 security tools contains 3 Microsoft tools for administrators to scan instances of SQL Server and detect security vulnerabilities, and then apply updates to the affected files. SQL Critical Update scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm, and updates the affected files. SQL Scan (Sqlscan.exe) scans an individual computer, a Windows domain, or a range of IP addresses and SQL Check scans the computer on which it is running for instances of SQL Server 2000 and MSDE 2000 that are vulnerable to the Slammer worm. The tools can be used to detect and disable vulnerable servers, and to deploy the necessary patches.

Qchain gives system administrators the ability to safely chain hotfixes together. Hotfix chaining involves installing multiple hotfixes without rebooting between each installation. Without this tool, the only supported method is to reboot after each hotfix installation.