Monday, 9 June 2014

Paws Studio Walkthrough

by Alen Damadzic (Software Developer, Titania)

About the Author

Alen is a key member of the technical team and is the lead developer of Paws Studio compliance auditing software. Since joining Titania as a computing graduate three years ago, Alen’s knowledge of software development and cyber security has grown with the company and he now uses this knowledge to support and train new members of the ever-growing development team.

Paws Studio is a compliance auditing tool for servers, workstations and other Windows or Linux based systems. At a basic level, creating a compliance report in Paws Studio can be as simple as selecting an audit policy and clicking go. However, behind the scenes, Paws Studio is performing a number of different processes in order to determine what needs to be checked, collecting the data, comparing the collected data against a policy and finally creating a report. This article provides a walkthrough of those processes to enable you to create truly effective and thorough custom policies to audit against.


Figure 1. Paws Studio audit process
A typical Paws Studio audit is a two-step process. The initial step is to collect the data for the audit and the second is to create the report by comparing that data against a compliance list (see Figure 1).

Collecting Audit Data


Data, such as password policy settings, are collected using a data collector. On Windows, the data collector is a small native program that reads the registry, file permissions and so on. It does not need to be installed on the system that is being audited, nor does it require anything to be installed. On Linux systems the data collector is a shell script.

The data collector only collects what is required to create the report. Those audit parameters are specified in a policy file, which we will come back to later.

Figure 2. Report creation methods

When you choose to create a new report in Paws Studio (see Figure 2), it will give you the option to add all the systems that you want to audit (local and remote). Paws Studio will then execute the data collector for you and retrieve the results. It is important to note that during this process, Paws Studio will tidy up after itself, so no audit files will be left on the audited system.

Figure 3. Manual data collector option
It is also possible for you to run the data collector yourself on various systems and provide Paws Studio with the collected data; this is shown as the “Manual” option (see Figure 3).

To obtain the latest data collector so that you can perform the audit yourself, select the “Export Collector” option from the “Utilities” menu. You will also need a copy of the audit policy file for the data collector. By default on a Windows system the policy files are stored in “C:\Program Files\Paws Studio\XML”. You will find policy files for PCI, STIG, SANS, and others.

The data collector can be executed from the command line on both Windows and Linux systems. This gives you the ability to script the software so you can automate the audit data collection process.

The Audit Policy


Figure 4. Audit policies

When you create a compliance audit report in Paws Studio you have to select an audit policy that you want to check compliance with. It could be a PCI policy, STIG or others. The policy that you check compliance against when producing a Paws Studio report is stored in a specially formatted XML file.

Although Paws Studio is supplied with a number of pre-defined audit policies, you can create your own. You could use your favourite XML editor to create an audit policy file but Paws Studio includes a policy editor.

The audit policy editor has two modes of operation, a wizard mode and editor mode (see Figures 5, 6). The wizard mode is designed to easily enable you to create your own new audit policy, or edit an existing one, and guide you through the process. The editor mode is more suited for advanced users and editing existing policies.

Figure 5. Policy editor: editor mode

Figure 6. Policy editor: wizard mode

Figure 7. Paws Studio Settings

Customizing an Audit Report


Your audit reports can be customized to change the company name, logo, classification and so on. If you want to override the default Cascading Style Sheet (CSS) there is even an option to do that.

Some key customization options, such as the “Policy Editor”, “Authorized Software” and “Authorized Startup Items”, contain the lists of what is determined to be authorized or not during those particular checks.

The “Reporting” options include an “Interactive Mode” setting that will cause Paws Studio to potentially ask you some questions during an audit. For example, some checks may require a physical analysis, such as “is the server room door locked?”.

An Audit Walkthrough

Figure 8. Paws Studio main frame
Now that we have highlighted the key components of a Paws Studio audit, the process of creating a report with all the available options is straightforward.

Select the “Create Report” option (see Figure 8).

Figure 9. Report creation methods

Select what you want to audit (see Figure 9).

“Local” will enable you to perform an audit of your local machine.

“Network” will enable you to audit other computers on the network. You may need to specify a username and password.

“Manual” will allow you to add manually collected audit data.

Figure 10. Audit policies

Select the audit policy report that you are interested in. You can select multiple audit policies or specify your own using the “Import Policy” button (see Figure 10).

Click on “Create Report”.

Then you can read your report and save it out to a number of different formats such as HTML, Word, PDF, CSV and others.

Conclusion


This article has delved into what goes on behind the scenes of Paws Studio. By walking you through the key processes involved in creating your own compliance reports, it will enable you to get the most out of the software.
