Who uses SekChek?
The names of specific clients are confidential. However, users of SekChek
include major organizations in banking & insurance, airlines, mining,
manufacturing, retailing, shipping, transportation, government, building & construction,
import/export, food & beverages, farming, security
consultants, IS professionals, internal auditors & general management.
SekChek has been used across all industry types in more than 100 countries around the world.
How can SekChek help with our compliance efforts, such as SOX and HIPAA?
Many clients use SekChek on a regular basis as part of their statutory compliance and internal audit reviews. SekChek is well placed to help out in these areas because:
- It provides an independent point-in-time snapshot of security controls;
- The graphical analyses provide a quick indication of whether security controls have strengthened or weakened since the previous time SekChek was run on a platform;
- SekChek's consistent reporting from one analysis to the next avoids the risk of inconsistent interpretations between analyses over time;
- Similar reporting formats across the platforms analysed (Windows, UNIX, AS/400 and NetWare) ensure a consistent standard in the interpretation of security controls.
What platforms does SekChek run on?
SekChek will run on all current versions of AS/400, Windows NT/2000/2003 and UNIX operating systems that are Bourne Shell
compatible, such as AIX, HP-UX, Linux, SCO and Solaris systems. It will also run on versions 4, 5 & 6 of Novell/NetWare systems.
What impact will SekChek have on my system?
From the very outset the SekChek Extract software was designed to be non-intrusive, make ZERO changes to
the host/target system, and leave no trace behind after the extract process has completed. With thousands
of SekCheks behind us, we are not aware of any reports of SekChek impacting a host system in any way.
Where do SekChek’s Industry Averages come from?
Perhaps the most important point is that SekChek’s Industry Averages are not merely
based on some static, theoretical average for computer security. Industry Averages used in summary
reports are dynamic, real-life averages that are automatically updated after every
file we process, using summary data extracted from each file.
SekChek compares security controls on your system against a unique database containing more than 50,000 records and 50 million security metrics.
I heard SekChek can measure security against various standards. Tell me more!
SekChek typically measures security against internationally recognized
security standards because that's what most people want.
However, some clients prefer us to substitute their own (internal) security standards and
to report against those. This helps them monitor how well their security policy is implemented
and complied with and also alerts management to deviations from policy in specific departments or on certain computers.
We have a database of real/actual industry averages for security. This is quite unique.
We can currently compare (graph) security over different points in time, over several machines, and calculate
security norms and averages by industry type and geographical location. This can produce some interesting results!
Contact us for further details.
Can we exchange encrypted email (S/MIME, SSL or TLS) with SekChek?
Yes, our mail servers are configured to send and receive email using TLS (Transport Layer Security / SSL). If the TLS protocol is enabled on your mail server, all email traffic between SekChek's domain and your organisation's domain will be automatically encrypted in transit.
SekChek also supports S/MIME, which ensures full end-to-end encryption of email. You can download SekChek's certificate from our website.
Let us know if you need more information regarding options for encrypting email.
How secure are the encrypted SekChek files & reports?
Very!
SekChek employs various industry-standard encryption algorithms and techniques
to ensure the security of your data. These include Public Key
encryption techniques based on the RSA algorithm, and symmetric encryption techniques
using algorithms such as AES, DES and 3DES as well as proprietary methods.
Tell me about your subscription service!
The most convenient & cost effective way to use SekChek is through a subscription. The pricing
structure is very simple - the more SekCheks you subscribe to, the
less they cost per copy. Contact us for more details.
Prices are consistent across the entire SekChek range (AS/400, NetWare, NT/2000/2003 & UNIX), so you only
need purchase one subscription. You are free to choose and mix different SekChek services in the same subscription.
Once your subscription is confirmed you just send us your security files for processing any time
you are ready. From time to time we will send you a statement indicating your usage of SekChek and we will
issue a reminder just before your subscription is consumed. Subscriptions have no time limits attached to them.
What payment options are available?
Direct (Bank-to-Bank) transfer
This is the preferred option. In general, it is the quickest and safest payment method.
Cheque payment
If you prefer to make payment by cheque we recommend that you send your cheque via a courier company, rather than the regular postal system.
We have special arrangements in place with UPS, FedEx and DHL, which help to speed up the process.
Credit Card payments
We can also accept payment via a secure Credit Card payment system managed by Kagi.
Contact us for more information on any of these payment methods.
What are your plans for SekChek?
Our guiding principles are ease-of-use and interpretation; non-intrusiveness on the host machine; low cost; and speed of delivery.
Some of the more specific areas we are focusing on include improved graphical summaries,
trend analyses (spanning time, machines, departments etc.), and 'industry average' bench-marks by industry type and geographical location.
The direction the SekChek service takes is largely determined by your requirements and needs. Tell us what you want.
What is the difference between the Client software, Extract software & Processing Engine?
The Client software contains usage instructions, encryption/decryption software,
sample reports and the ability to create additional copies
of the Client & Extract software. It typically resides on your PC.
You use the Extract software to extract security data from an AS/400, NetWare, UNIX or
Windows NT/2000/2003 host/target machine. It will only run on those systems.
The Processing Engine is used by the SekChek team to process your extracted
security data, to calculate industry averages & comparisons,
and to generate/encrypt your SekChek report.
What are the differences between the SekChek Classic tool and the SekChek Local tool?
SekChek Local allows you to scan and analyse multiple Servers at a time. The software runs on your workstation and scans target Hosts across the network. Because Scan data is processed locally on your PC, there is no requirement to send data off-site for processing.
SekChek Classic provides you with a comprehensive report in MS-Word and Access / Excel formats, including non-technical summary reports, an Overall Rating of security against real-life industry averages, implications and general recommendations.
See Benefits, SekChek Local vs SekChek Classic for a more detailed comparison of SekChek's 'Classic' & 'Local' tools.
What are the copyright restrictions on the software?
Quite simply, NONE! Although we retain the title and ownership of the SekChek software,
you are free to use and to distribute the software in its current form to anyone you wish.
However, you are not allowed to attempt to modify, translate, reverse engineer, disassemble,
or to create derivative works based on the software without the prior written consent of SekChek.
Can SekChek analyse Registry keys and NTFS permissions?
Yes.
SekChek can report on values for System Registry keys and analyse DACLs (Discretionary Access Control Lists) and SACLs (System Access Control Lists) for files and directories.
You do this by listing the Registry keys, and the names of the files and directories you want to analyse, in the file sekchek.inp. See the SekChek for Windows Extract instructions in the SekChek Help File for details.