AuditShark Overview

This page will answer four imporant questions for you:

  1. What is AuditShark?
  2. What will I learn from AuditShark?
  3. How is AuditShark different than other security solutions?
  4. What should I be reviewing to improve the security of my servers?

1. What is AuditShark?

AuditShark is your personal security advisor. When AuditShark examines what is installed on your servers, it can determine which security issues are specifically relevant to you. Focusing on these issues allows you to pinpoint the tasks you should focus on and filter out the tasks which are high-cost tasks which won't substantially contribute to securing your servers.

2. What will I learn from AuditShark?

What you learn from AuditShark depends a lot on what you have installed on your servers, how it is configured, and what is generally accepted as best practices. A customer with Windows servers running SQL Server will learn radically different things than people who are running Ubuntu servers and Apache.

AuditShark focuses on offering security guidance in order to highlight steps that can be taken towards preventing well known scripted attacks and exploits. In many ways, it acts as a second set of eyes on your servers that is specifically looking at the security implications of those settings.

3. How is AuditShark different than other security solutions?

AuditShark is not an active solution that intercepts malicious code or commands. It reads your server configuration and then advises you of the implications of what is currently present. In addition, it can act as an early warning system to notify you of potentially critical changes that have occurred. If you made the changes, then you can ignore it's warnings. However, if AuditShark notifies you of changes which you didn't make, then it would be wise to investigate the changes it has identified.

4. What should I be reviewing to improve the security of my servers?

At a bare minimum, you should review how your servers are configured when you first deploy them. It doesn't matter whether the servers are used in production or whether they're test-only machines. If the servers are compromised, then your software, data and system configurations become exposed. That exposure, if analyzed, could be used to exploit your production systems.

You should also perform a regular audit of your servers to verify that they are still configured the same way that you left them. The longer you wait between these audits, the longer a breach can go without being noticed. And the longer a hacker is allowed on your servers, the more damage they can do, especially if they're able to incrementally escalate their privileges.

© 2011-2019 Moon River Software Inc. All rights reserved.
@AuditShark stay in touch