Message-ID: <5.1.1.6.0.20040225234136.02430c30@127.0.0.1>
From: lists at domain-logic.com (randall perry)
Subject: Need help in performing a remote vulnerability scan
At 10:32 PM 2/25/2004 -0500, you wrote:
>Hello:
>
>I work for a manufacturing company that has many remote sites.
>
>I am in the US and I have been tasked with performing vulnerability
>assessments for about 30 remote sites in Europe, AsiaPac and South America.
>
>Can anyone recommend a method and set of tools that I can use to do them
>remotely?
>
>What I was thinking of was if there was an agent they could load remotely.
>Or possibly I could send them a CD-ROM; have them run the tool, and then
>send the output back to me in the USA.
Sure, just post to a couple of LUGs how much you just loooove SCO and
would like to see the whole OpenSource scene crushed by SantaCruz and
Redmond ogres.
Be sure to post from one of your company PCs so the IP can be tracked
through the header.
I am sure you would have plenty of anonymous volunteers to help test your
IDS system.
;)
Or...you could try running the tried and true..
Nessus, Nmap, etc..
Understand that testing through your ISP may violate your terms of
agreement (or at least raise some red flags if you did open port scanning
without stealth).
Also keep in mind that vulnerability assessment is MUCH MORE than 37337
hax0r on the Internet.
Here is a random range of items to have in place:
-Secure code locks on server room doors (with ridged steel jambs),
-screen saver passwords,
-wifi auditing,
-removing Post-it password notes from the bottoms of keyboards,
-document shredding and destroying policies...
The list goes on and on and from this small sample, you can begin to
understand the wide-reaching arms of 'secure policy'.
Also don't forget your phone systems, video conferencing systems, wireless
phones and faxing.
These should all fall under the management of IT, and are also susceptible
to tampering and theft.
With such a big task, you might consider bringing in some reliable
auditing teams.
Good luck with that.
*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.
Randall Perry
Domain Logic Technology Solutions
http://www.domain-logic.com
Every problem has a solution. If there is no solution, there is no problem..
*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.