
RE: [Full-Disclosure] Vulnerability Scans



You've mentioned Nessus for port scans... it can do a lot of
vulnerability checks as well, viewing the system from the outside. In
the Unix realm, have a look at COPS and Tiger for security audits for a
perspective from within the host. They're pretty aggressive at doing
exactly what you're asking for. The advantage to using one of the tools,
of course, is that you benefit from the cumulative knowledge of all the
people who've contributed to them, rather than trying to re-invent the
wheel yourself.
 
I'd also recommend using a tool like Tripwire or Samhain to do a
baseline of the original system and then include it in subsequent audits
to identify changes.
 
In the Windows environments, include Microsoft's own Baseline Analyzer.

        -----Original Message-----
        From: Robert Raver [mailto:rraver@ipconsole.com] 
        Sent: Tuesday, December 02, 2003 3:28 PM
        To: full-disclosure@lists.netsys.com
        Subject: [Full-Disclosure] Vulnerability Scans
        
        

        Hey,

         

        I am doing a report on vulnerability scans and what should be
        included in it.  I came up with a list of what I think should be
        included in a scan for different operating systems.  Wondering if you
        guys could direct me to pages that can inform me or give me your ideas.
        Below are the lists I created.  This is for a scan on a single machine
        and is mostly targeted towards Unix/Linux machines.  Let me know.

         

                    This section lists the Unix system security criteria:

        1.      /etc/passwd not world-writable

        2.      No unnecessary services running

        3.      FTP directory not writable by user anonymous

        4.      NFS not configured to be world-writable

        5.      Passwords not crackable by dictionary attack

        6.      ...

        7.      ...

         


        1.1.1   Windows System Security Criteria


                    This section lists the Windows system security criteria:

        1.      guest account disabled

        2.      No unnecessary services running

        3.      System patched with most recent applicable hot fixes

        4.      Passwords not crackable by dictionary attack

         

        I have also included a port/services scan using Nessus and the
        SANS Top 20 list.

         

         

        Thanks,

        Robert Raver
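
The baseline-then-compare audit suggested in the reply, combined with the first Unix criterion from the original list, as an added Python example (not part of either message, and not how Tripwire or Samhain are implemented). The function names and the temporary file standing in for /etc/passwd are assumptions made for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def world_writable(path):
    """True if 'other' has write permission (the /etc/passwd criterion)."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)

def snapshot(paths):
    """Baseline: permission bits, owner, size and SHA-256 of each file."""
    base = {}
    for p in paths:
        st = os.stat(p)
        digest = hashlib.sha256(Path(p).read_bytes()).hexdigest()
        base[p] = {"mode": stat.S_IMODE(st.st_mode), "uid": st.st_uid,
                   "size": st.st_size, "sha256": digest}
    return base

def audit(baseline):
    """Compare current state with the baseline and return the findings."""
    findings = []
    for p, old in sorted(baseline.items()):
        if not os.path.exists(p):
            findings.append((p, "missing"))
            continue
        new = snapshot([p])[p]
        for field in ("mode", "uid", "size", "sha256"):
            if new[field] != old[field]:
                findings.append((p, field + " changed"))
        if world_writable(p):
            findings.append((p, "world-writable"))
    return findings

def demo():
    """Constructed sample: a throwaway file stands in for /etc/passwd."""
    with tempfile.TemporaryDirectory() as d:
        target = os.path.join(d, "passwd")
        Path(target).write_text("root:x:0:0:root:/root:/bin/sh\n")
        os.chmod(target, 0o644)
        base = snapshot([target])
        clean = audit(base)  # nothing changed yet, so no findings
        with open(target, "a") as fh:  # simulated tampering
            fh.write("extra:x:1001:1001::/home/extra:/bin/sh\n")
        os.chmod(target, 0o666)
        return clean, audit(base)

if __name__ == "__main__":
    print(demo())
```

On a real host the baseline would be stored off the audited machine, since a baseline an intruder can rewrite proves nothing.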