[<prev] [next>] [day] [month] [year] [list]
Message-ID: <C67E869B53B8344ABD43CB6FB7A2AA9C0C7B40@mailsrv01.hamilton.dofasco.ca>
From: hugh_fraser at dofasco.ca (hugh_fraser@...asco.ca)
Subject: Vulnerability Scans
You've mentioned Nessus for port scans... it can do a lot of
vulnerability checks as well, viewing the system from the outside. In
the Unix realm, have a look at COPS and Tiger for security audits for a
perspective from within the host. They're pretty aggressive at doing
exactly what you're asking for. The advantage to using one of the tools,
of course, is that you benefit from the cumulative knowledge of all the
people who've contributed to them, rather than trying to re-invent the
wheel yourself.
I'd also recommend using a tool like Tripwire or Samhain to do a
baseline of the original system and then include it in subsequent audits
to identify changes.
In the Windows environments, include Microsoft's own Baseline Analyzer.
-----Original Message-----
From: Robert Raver [mailto:rraver@...onsole.com]
Sent: Tuesday, December 02, 2003 3:28 PM
To: full-disclosure@...ts.netsys.com
Subject: [Full-Disclosure] Vulnerability Scans
Hey,
I am doing a report on vulnerability scans and what should be
included in it. I came up with a list of what I think should be
included in a scan for in different operating systems. Wondering if you
guys could direct me to pages that can inform me or give me your ideas.
Below is the lists I created. This is for a scan on a single machine
and is mostly targeted towards Unix/Linux machines. Let me know.
This section lists the Unix system security
criteria:
1. /etc/passwd not world-writable
2. No unnecessary services running
3. FTP directory not writable by user anonymous
4. NFS not configured to be world-writable
5. Passwords not crackable by dictionary attack
6. ...
7. ...
1.1.1 Windows System Security Criteria
This section lists the Windows system security
criteria:
1. guest account disabled
2. No unnecessary services running
3. System patched with most recent applicable hot fixes
4. Passwords not crackable by dictionary attack
I have also included a port/services scan using nessus and the
SANS Top 20 list.
Thanks,
Robert Raver
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20031203/f9e5adca/attachment.html
Powered by blists - more mailing lists