[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20031202220157.GB16797@sooshie.tamu.edu>
From: msconzo at tamu.edu (Michael Sconzo)
Subject: Vulnerability Scans
There is a really nice tool, that works quite well on various Unix flavors.
It was originally released by Texas A&M University, and is now
maintained over at http://savannah.nongnu.org/projects/tiger
I would suggest looking at some of their checks, as well as seeing
how they are done for unix.
As for windows I have a bit less knowledge about..but the MSBA is
seems to work reasonably well for the basics.
Hope this provides some good starting points.
-=Mike
On Tue, Dec 02, 2003 at 01:28:05PM -0700, Robert Raver wrote:
> Hey,
>
>
>
> I am doing a report on vulnerability scans and what should be included in
> it. I came up with a list of what I think should be included in a scan for
> in different operating systems. Wondering if you guys could direct me to
> pages that can inform me or give me your ideas. Below is the lists I
> created. This is for a scan on a single machine and is mostly targeted
> towards Unix/Linux machines. Let me know.
>
>
>
> This section lists the Unix system security criteria:
>
> 1. /etc/passwd not world-writable
>
> 2. No unnecessary services running
>
> 3. FTP directory not writable by user anonymous
>
> 4. NFS not configured to be world-writable
>
> 5. Passwords not crackable by dictionary attack
>
> 6. .
>
> 7. .
>
>
>
>
> 1.1.1 Windows System Security Criteria
>
>
> This section lists the Windows system security criteria:
>
> 1. guest account disabled
>
> 2. No unnecessary services running
>
> 3. System patched with most recent applicable hot fixes
>
> 4. Passwords not crackable by dictionary attack
>
>
>
> I have also included a port/services scan using nessus and the SANS Top 20
> list.
>
>
>
>
>
> Thanks,
>
> Robert Raver
>
>
>
--
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
But let your communication be Yea, yea; nay, nay: for
whatsoever is more than these cometh of evil.
-- Matthew 5:37
Powered by blists - more mailing lists