Open Source and information security mailing list archives
 
Message-ID: <5.1.1.6.0.20040225234136.02430c30@127.0.0.1>
From: lists at domain-logic.com (randall perry)
Subject: Need help in performing a remote vulnerability scan

At 10:32 PM 2/25/2004 -0500, you wrote:
>Hello:
>
>I work for a manufacturing company that has many remote sites.
>
>I am in the US and I have been tasked with performing vulnerability 
>assessments for about 30 remote sites in Europe, AsiaPac and South America.
>
>Can anyone recommend a method and set of tools that I can use to do them 
>remotely?
>
>What I was thinking of was if there was an agent they could load remotely.
>Or possibly I could send them a CD-ROM; have them run the tool, and then 
>send the output back to me in the USA.

Sure, just post to a couple of LUGs how much you just loooove SCO and would
like to see the whole OpenSource scene crushed by SantaCruz and Redmond ogres.

Be sure to post from one of your company PC's so the IP can be tracked 
through the header.

I am sure you would have plenty of anonymous volunteers to help test your 
IDS system.
;)

Or...you could try running the tried and true..
Nessus, nMap, etc..

Understand that testing through your ISP may violate your terms of
agreement (or at least raise some red flags if you did open port scanning
without stealth).

Also keep in mind that vulnerability assessment is MUCH MORE than 37337 hax0r
on the Internet.
Here is a random range of items to have in place:
-Secure code locks on server room doors (with ridged steel jambs),
-screen saver passwords,
-wifi auditing,
-removing Post-it password notes from the bottoms of keyboards,
-document shredding and destroying policies...

The list goes on and on and from this small sample, you can begin to
understand the wide-reaching arms of 'secure policy'.

Also don't forget your phone systems, video conferencing systems, wireless
phones and faxing.
These should all fall under the management of IT, and are also susceptible
to tampering with and theft.

With such a big task, you might consider bringing in some reliable auditing 
teams.

Good luck with that.

*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.
       Randall Perry
       Domain Logic Technology Solutions
       http://www.domain-logic.com

Every problem has a solution. If there is no solution, there is no problem..

*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.,_,.-:*'``'*:-.


