Auditing an environment with hundreds of servers can be a time-consuming process for an auditor. Artifacts provided by clients in the form of reports, screenshots, etc. are helpful, but as they say, “Trust but verify”. The manual verification process can be time-consuming. PowerShell has come a long way from being a “blue version of the command line” to a cross-platform tool that is not only supported on Windows but is also available for Linux and macOS.
PowerShell has been gaining popularity among system admins for their daily operations, and it can be a very powerful tool for system auditors as well. The traditional audit process involves verifying one system at a time. PowerShell provides the capability to audit a large number of systems quickly and effectively. This presentation provides a walk-through of a framework created by the author to automate evidence collection for some PCI DSS requirements. The framework contains test cases mapped to various PCI DSS requirements. Some typical test cases that were part of this automated framework are:
1. Anti-virus unit test
2. Listening ports unit test
3. Windows Update unit test
4. File integrity monitoring unit test
5. Installed program unit test
6. User account review unit test
7. Application whitelisting unit test
8. GPO unit test
About the Speaker
Sunny Jamwal is a Senior Security Consultant for MNP’s Cyber Security team. With over 10 years of experience, Sunny has extensive knowledge of information security, networking, and related information technologies, allowing him to quickly and knowledgeably inspect system architectures, identify vulnerabilities, assess risks, and recommend safeguards to reduce and mitigate risk to information assets. Sunny has acted as the primary technical lead and subject matter expert on numerous Cyber Security Assessments for various private and public organizations in government and industries such as retail, finance, insurance, manufacturing, computer, communication, utilities, healthcare, and business services.