SAT - Readme File

SAT Readme File

About SAT

The implementation of the "Security Analysis Tool" is part of a research project carried out on the Institute for Information Processing and Microprocessor Technology (FIM) at Johannes Kepler University in Linz (Austria).
This file contains a short documentation about the current version of this application. It is recommended that you read the entire document.
Comments and suggestions are appreciated. Please use the information provided in this file to contact us.

Contents of this page:

General introduction to SAT
SAT components and architecture
Annotations for installing and using this application
Requirements
How to install and configure SAT
Sample scenario
Using SAT
"Hidden treasures"
Deinstallation of SAT

1. General introduction to SAT

For a general description of SAT please read the paper "Managing Windows NT file system permissions (A security tool to master the complexity of Microsoft Windows NT file system permissions)", published by Academic Press, Journal of Network and Computer Applications (1999) 22, pages 119 - 131.
This article is also available via http://www.idealibrary.com (No. jnca.1999.0086) and via http://www.fim.uni-linz.ac.at/sat/.
One version of the paper is included within this package. See the file SAT_description.htm on your disk or in your ZIP-file.

2. SAT components and architecture

Generally speaking, the "Security Analysis Tool" consists of two parts:

Rights Viewer: is a database front-end, which analyses and visualises the stored information. The main feature of this application is the user-centred visualisation of rights and permissions.
For example, you can view all file permissions of the user "Guest". Just like in the Novell-System you can evaluate trustee rights and effective rights. The viewer application gives you also the possibility to generate reports. The clipboard takes the results and you can copy it into a word processor.
Distributed scanner: stores security information into a centralised database. The scanner supports five compression levels, in order to reduce the arising amount of information. The visualisation will be simplified by using these compression levels as well.

Controller: This program provides a user interface for controlling the scanner. You can specify a target database and a set of computers to be scanned.
Master service: This is the "assembly point". It receives the security information of the Slave services and stores them into the database.
Slave service: This component does the real security scan. Each computer, which should be scanned, runs this service.

Using the Controller program you can configure and start the Master service. The Master service itself controls its Slave services, which transport the scanned security information back to the Master service. Because the Master and Slave components are implemented as services, it is possible to scan a computer even when no user is logged on. This feature is useful for scheduled scan-operations.

3. Annotations for installing and using this application

Trust relationships between domains are required, when scanning across domain boundaries.
The Slave service must be installed on each computer, which should be scanned.
The Master service can be installed on any computer. Please consider that this component is very performance intensive, particularly when it runs with many Slave services in parallel. As you can see in the illustration above, the Master service is a bottleneck.
We recommend that you install the Master service on an "unimportant" computer within the network.
The Controller and the Rights Viewer can be installed alternatively on any computer.
You can control the scanning process manually or you can automate it by using the AT- command.
Only file security is implemented in the current version. Future versions will be able to scan the registry, services, printers, etc.

4. Requirements

Platform:
Only the INTEL platform is supported. There is no support for ALPHA or MIPS.
Operating System:
Windows NT 4.0 (SP3 or higher recommended)
MS ODBC (Microsoft Open Database Connectivity):
Some components of SAT are interacting with an ODBC database and therefore need an ODBC environment. The affected components are Master Service, Rights Viewer and Controller. The setup program does not install the ODBC software by itself. Additionally this version of SAT has only been checked for compatibility with Microsoft ACCESS drivers.
A HTML-browser (e.g. Microsoft Internet Explorer or Netscape browser) is necessary to view the SAT information files on a computer.

5. How to install and configure SAT

Because there is not possibility to upgrade form previous versions of SAT, please deinstall any previous version of SAT before installing this BETA version! The old Access data files can be used with Beta 1.01a of SAT.

Self installing zipped file: If your SAT version consists of a single file SAT10BETA.EXE, just start this program and follow the given instructions.
(This variant will be standard if you receive SAT via email or download SAT as a single file via WWW.)
Already unzipped package: If your have an unpacked version of SAT, which consists of several files including the program SETUP.EXE, simply start SETUP.EXE to install the application.
(If you receive SAT on two disks, the program SETUP.EXE is on the first disk)

A wizard then guides you through the whole installation process. (When you install SAT the first time on a test computer, we recommend installing all components and experiment with them.)

The "Service Config" application installs and configures the services of the application. This makes the application ready for the first use (see the next chapter). You can use the "Service Plus" application for controlling the service security. The security of the Master service decides, who is allowed to initiate a scan. So you can use this tool to control the permissions of the distributed scanner.

SAT needs a central ODBC database of type "System DSN". So create a new Access database by using the ODBC manager on the computer running the Master-Service. For more information see the following sample scenario.

6. Sample scenario

We assume a small domain containing 4 computers (one domain controller with name DC0, two workstations with names WS1, WS2 and a member server SERV3). All computers should be analysed by SAT. Besides this, SERV3 is the computer of the administrator and is dedicated to store the SAT database and runs the "Master Service". Because the administrator wants work with SAT from his computer, the "Controller" (to start a scan) and the "Viewer" (for SAT reports) must be installed on this computer too.

These considerations lead to to following installation sequence:

Create a new user (e.g. with name SAT_User) as global user on the domain controller DC0.
Make the account SAT_User a member of the global group DomainAdmins.
(Therefore SAT_User has administrative rights on all computers of the domain, because the global group DomainAdmins is a member of the local group Administrators on every computer of the domain as a standard. If this is not true for your configuration, please ensure that user SAT_User has administrative rights on every computer running a SAT-service.)
The three computers DC0, WS1 and WS2 are treated the same way, so we only describe the installation sequence once:
- Install SAT using the "Slave only" setup type.
- Use the program "Service Config", which is automatically installed, to set up and configure the "Slave Service". Supply the user previously created (SAT_User) together with the password.
- The slave component is configured properly on this computer now.
Install SAT using the "Full Installation" mode on computer SERV3. Configure the "Master Service" and "Slave Service" by using the program "Service Config" in the same manner as before.
Create a new Access database of type System DSN by using the ODBC manager.
Start the "Controller" component of SAT and bind SAT to the newly created database. Configure, which computers and which drives should be analysed. After that you are ready to start the scan process.
After the scan process is finished (this may take some time), you can view the results using the "Rights Viewer". The "Controller" shows the current state of the scan process to you. (Don't forget to press the refresh-button to obtain up-to-date information!).

Check that the user SAT_User has administrative rights and the right "Logon as a service" on every computer, which is to be analysed. Additionally, these rights must be given to SAT_User also on the computer holding the "Master Service". If any problems arise, please check the event logs to see if security is the reason for the malfunction.

This scenario is by no way complete. Please feel free to create your own global and local groups and group relationships to support the services and programs of SAT with the correct security settings. The program "Service Plus" me be used for these purposes too. Just consider the possibility to allow another user (without administrative rights) to start the "Master Service" using an command-line tool. See chapter 8 for more information about this.

Because the user SAT_User has administrative rights on all computers of the domain, use a secure password and treat this account the same way as every other administrative and confidential account!!

7. Using SAT

There is no online help implemented in the current version. This chapter contains a set of instructions that describe the use of this application.

Service Config:
This little program installs, removes or configures the Master and Slave services on the current computer (setup is not able to manipulate Windows NT services). After installation you should execute this program to complete the service configuration. It can also be used for changing the service accounts at any other time.

Controller:
The Controller application provides a user interface for controlling the distributed scanner. It is able to access a local or remote.

Master service:
Using the integrated configuration editor, you can set the desired scan attributes (database, computers, options, ...). These configuration settings are persistent, so you can maintain the same settings for several scans.
For more information about selecting to right compression levels, please see the general overview. The "Scan" button starts the scanning process using the current configuration settings. You may close the Controller, when it reports a successful start. The Master and Slave services will finish the task in the background.
Rights Viewer
The Rights Viewer is the database front-end. It provides a user-centred analysis of the scanned security information. You can visualise the scope of action of any user or group.
- When you open a database you will get a window that displays a list of all scans stored in this database. A double click on an item opens a browser, which gives you a detailed view on a scan.
- You may open multiple databases and multiple browsers in order to compare different scans with each other.
- The browser is split up into two parts. The left one contains all users and groups and the right one will display the analysis results.
- Select an account on the left browser side and execute one of the following commands: "View/Trustee Rights" or "View/Effective Rights" or "View/Group Information". A new tree entry on the right side will appear. It contains the desired information.
- Trustee rights are permissions that are granted for a certain account. Effective rights are the accumulated permissions of an account and the groups it belongs to. The group information displays the group memberships and other account attributes.
- You can decide between three view options: "No compression", "Only changes" and "Only changes with optimisation". For more information about compression see general overview.

8. "Hidden treasures"

Command line program "RunMst"
This little program is the command line version of the "Controller" application. Its only functionality is to start a security scan. The usage of the program is quite simple:
runmst [computer]
You can use it in conjunction with the AT-scheduler. Annotation: If the Schedule service runs under the LocalSystem account, the program will not be able to start a scanning process on a remote computer (LocalSystem has limited network capabilities). Example:
at 10:15 c:\SAT10\runmst
Service Plus
"Service Plus" is an advanced service configuration tool. This application allows to perform non-standard operations on Windows NT services such as adding new services, removing existing services, view and manipulate the service security. "Service Plus" is able to access services on a remote machine as well.
Command line program "Service"
This is a command line version of "Service Plus" with some limitations. It allows to install, remove or configure a service on the local computer. For getting help on using this program, type:
service -?

9. Deinstallation of SAT

To deinstall SAT, please follow these steps:

Use the program "SAT Service Configuration" to uninstall the SAT service(s).
Deinstall SAT via "Add/Remove Programs" in the "Control Panel".

Last modified 2000-05-17 by the SAT-Team.