How many of you run any kind of Microsoft service in your data center? I thought so…
Did you know that Microsoft makes available a number of free tools to help administrators keep their environments a bit safer than they might otherwise be? I’m sure most of you are familiar with tools such as Microsoft Security Essentials, but the tools I’m thinking of are targeted more at the administrator. Today, Microsoft published the inaugural post of a new series, entitled Microsoft’s Free Security Tools - Series Introduction, in which the author describes in detail two such tools: Port Reporter and Port Reporter Parser.
Port Reporter is a tool which “logs all the network usage and related details such as the IP addresses the system is communicating with, the TCP and UDP ports that are used, the processes running on the system that use the ports, whether each process is a service, the modules that each process using network ports loaded, the user accounts that start processes using the network.”
The captured data can then be analyzed for patterns that indicate an attack is taking place.
Port Reporter Parser
As you might imagine, there is a lot of data to analyze and that’s where the parser comes in. The parser allows you to run queries against the log files, which can yield actionable results that can improve the overall security posture of the organization.
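To make the query step concrete, here is an added example (my own code, not Port Reporter Parser or anything from the Microsoft post) that runs two such queries over constructed records. The column layout is an assumption, a flat CSV carrying the fields the post lists, not Port Reporter’s actual log format, and every image name, user and address in the sample is made up.

```python
"""Query constructed Port Reporter-style records for suspicious patterns."""
import csv
from collections import defaultdict

# Constructed sample log. Column order is an assumption: one CSV record per
# observed port use, carrying the fields the post lists (who, what, where).
FIELDS = ["date", "time", "proto", "lport", "lip", "rport", "rip",
          "pid", "image", "is_service", "user"]
SAMPLE_LOG = """\
04/10/10,15:56:13,TCP,1045,192.168.1.2,80,64.4.11.42,1234,iexplore.exe,N,CORP\\alice
04/10/10,15:56:20,TCP,445,192.168.1.2,0,0.0.0.0,4,System,Y,NT AUTHORITY\\SYSTEM
04/10/10,15:57:02,TCP,1046,192.168.1.2,21,10.0.0.5,2210,updater.exe,N,CORP\\alice
04/10/10,15:57:02,TCP,1047,192.168.1.2,22,10.0.0.5,2210,updater.exe,N,CORP\\alice
04/10/10,15:57:03,TCP,1048,192.168.1.2,23,10.0.0.5,2210,updater.exe,N,CORP\\alice
04/10/10,15:57:03,TCP,1049,192.168.1.2,25,10.0.0.5,2210,updater.exe,N,CORP\\alice
04/10/10,15:57:04,TCP,1050,192.168.1.2,80,10.0.0.5,2210,updater.exe,N,CORP\\alice
04/10/10,15:58:40,TCP,3389,192.168.1.2,0,0.0.0.0,3388,helper.exe,N,CORP\\bob
"""

def parse(text):
    """Turn the CSV text into a list of dicts keyed by FIELDS; ports and PIDs become ints."""
    rows = []
    for rec in csv.reader(text.splitlines()):
        if len(rec) != len(FIELDS):
            continue  # skip truncated or malformed lines instead of crashing
        row = dict(zip(FIELDS, rec))
        for key in ("lport", "rport", "pid"):
            row[key] = int(row[key])
        rows.append(row)
    return rows

def port_sweeps(rows, threshold=5):
    """Query 1: one process touching many distinct remote ports on a single host."""
    seen = defaultdict(set)
    for r in rows:
        if r["rport"]:  # a remote port of 0 is used here for a listening socket
            seen[(r["pid"], r["image"], r["rip"])].add(r["rport"])
    return sorted((k, len(v)) for k, v in seen.items() if len(v) >= threshold)

def unexpected_listeners(rows, expected):
    """Query 2: a well-known local port bound by an image other than the expected one."""
    return sorted((r["lport"], r["image"], r["user"]) for r in rows
                  if r["lport"] in expected and r["image"] not in expected[r["lport"]])

if __name__ == "__main__":
    rows = parse(SAMPLE_LOG)
    print(port_sweeps(rows))
    print(unexpected_listeners(rows, {445: {"System"}, 3389: {"svchost.exe"}}))
```

The `expected` map for query 2 is a per-server allowlist you maintain yourself; the two entries shown are placeholders for the example.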
In this first-in-series article, only these two tools are reviewed, but it is full of good information and I recommend that you place it on your watch list for future installments.