Security Basics mailing list archives
Re: MBSA 1.2
From: Rohan Amin <rohan () rohanamin com>
Date: Tue, 10 Feb 2004 19:09:25 -0800
There is a free version of Nessus at http://www.nessus.org. This version requires the scanning engine to be installed on Unix. There is a Windows front-end, but the Unix scanning component is required. Tenable Network Security offers a commercial version of Nessus called NeWT. This version runs on Windows. http://www.tenablesecurity.com/newt.html. There is a "Windows" category of plugins that should report most of what you are looking for. Also, to clarify a statement I made before about the registry: that applies if you write your own checks to read the remote registry. Many of the Nessus plugins for common issues like MS03-026 and MS03-039 actually check for the vulnerability (not just read the registry to see if the patch is installed). If you want to stick with MBSA, you can authenticate to the IPC$ share of the machines beforehand and then run MBSA: net use \\192.168.1.5\IPC$ password /user:Administrator So, if you have your IPs in one file, you can write a script that will loop over them and attempt to 'net use' the IPC$ share multiple times (with the various usernames/passwords that are being used within your environment). Just be careful you don't lock yourself out. Regards, Rohan On Tue, Feb 10, 2004 at 01:16:06PM +0100, Nagy Gergely wrote:
Does Nessus run on XP? How can I set it to scan all the Microsoft patches on the given system and vulnerabilites? -----Original Message----- From: Rohan Amin [mailto:rohan () rohanamin com] Sent: Thursday, February 05, 2004 1:51 AM To: Nagy Gergely Cc: security-basics () securityfocus com Subject: Re: MBSA 1.2 A colleague and I have had success with using Nessus (http://www.nessus.org) for this purpose. Just modify smb_login.nasl to use the various Administrator passwords that you have. Nessus already includes a few checks for some patches, but if you need more you can always write some (its quite easy using NASL). Of course, you are trusting the registry to give you accurate information but it might be better than nothing. Hope this helps, Rohan On Tue, Feb 03, 2004 at 04:01:46PM +0100, Nagy Gergely wrote:Hi all, I have a very heterogenous infrasturcture, with most PC's logged into NDS. What is the use of MBSA (that requires local admin priv) if all the PC's have different local admin passwords? In this case, am I not able to scan the situation on the whole network? Then what else tool could I use to determine the state of patches? Br, Gery Ez a level virusellenorzesen esett at! This message was checked against viruses!---------------------------------------------------------------------------Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off anycourse! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, IntrusionPrevention,and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course!----------------------------------------------------------------------------Ez a level virusellenorzesen esett at! This message was checked against viruses! --------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
--------------------------------------------------------------------------- Free trial: Astaro Security Linux -- firewall with Spam/Virus Protection Protect your network with the comprehensive security solution that integrates six applications for ease of use and lower TCO. Firewall - Virus protection - Spam protection - URL blocking - VPN - Wireless security. Download 30-day evaluation at: http://www.astaro.com/php/contact/securityfocus.php ----------------------------------------------------------------------------
Current thread:
- Reserved named COM1 used as filename - IIS W2K Geo You (Feb 02)
- IIS Sniffing for newb Edmund Mitchell (Feb 02)
- SV: IIS Sniffing for newb Kim Guldberg (Feb 02)
- Re: IIS Sniffing for newb John LeMay (Feb 02)
- MBSA 1.2 Nagy Gergely (Feb 03)
- Re: MBSA 1.2 Rohan Amin (Feb 06)
- RE: MBSA 1.2 Nagy Gergely (Feb 10)
- RE: MBSA 1.2 Deniz CEVIK (Feb 11)
- Re: MBSA 1.2 Rohan Amin (Feb 11)
- RE: MBSA 1.2 Aditya, ALD [Aditya Lalit Deshmukh] (Feb 12)
- RE: MBSA 1.2 Deniz CEVIK (Feb 12)
- RE: MBSA 1.2 Kelly Martin (Feb 12)
- IIS Sniffing for newb Edmund Mitchell (Feb 02)