Full Disclosure mailing list archives
Vulnerability Scans
From: "Robert Raver" <rraver () ipconsole com>
Date: Tue, 2 Dec 2003 13:28:05 -0700
Hey,

I am doing a report on vulnerability scans and what should be included in it. I came up with a list of what I think should be included in a scan for different operating systems. Wondering if you guys could direct me to pages that can inform me or give me your ideas. Below are the lists I created. This is for a scan on a single machine and is mostly targeted towards Unix/Linux machines. Let me know.

This section lists the Unix system security criteria:

1. /etc/passwd not world-writable
2. No unnecessary services running
3. FTP directory not writable by user anonymous
4. NFS not configured to be world-writable
5. Passwords not crackable by dictionary attack
6. .
7. .

1.1.1 Windows System Security Criteria

This section lists the Windows system security criteria:

1. Guest account disabled
2. No unnecessary services running
3. System patched with most recent applicable hot fixes
4. Passwords not crackable by dictionary attack

I have also included a port/services scan using Nessus and the SANS Top 20 list.

Thanks,
Robert Raver
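
Unix criteria 1, 3 and 4 from the list above written as local checks, as an added example that is not part of the original post. The function names, the reading of criterion 3 (anonymous FTP root not owned by the anonymous account and not group- or world-writable), the account name "ftp" and the Linux exports(5) syntax are assumptions of this example.

```shell
#!/bin/sh
# Added example: criteria 1, 3 and 4 of the Unix list. Functions return 0 on pass.

# Criterion 1: the file exists and is not world-writable.
not_world_writable() {
    [ -e "$1" ] || return 2
    [ -z "$(find "$1" -prune -perm -0002)" ]
}

# Criterion 3 (assumed reading): the anonymous FTP root ($1) is not owned by the
# anonymous account's numeric uid ($2) and is not group- or world-writable.
ftp_root_ok() {
    [ -d "$1" ] || return 2
    owner=$(ls -ldn "$1" | awk '{print $3}')
    [ "$owner" != "$2" ] || return 1
    [ -z "$(find "$1" -prune \( -perm -0020 -o -perm -0002 \))" ]
}

# Criterion 4: print export paths offered read-write to every host, meaning a
# client of "*" or an empty host name with "rw" among its options.
# Lines continued with a trailing "\" are not joined.
world_rw_exports() {
    awk '{
        sub(/#.*/, "")                     # drop comments
        for (i = 2; i <= NF; i++)
            if ($i ~ /^\*?\(([^)]*,)?rw(,[^)]*)?\)$/) { print $1; break }
    }' "$1"
}

# Run the three checks against the live system (account name "ftp" is assumed).
run_unix_checks() {
    rc=0
    not_world_writable /etc/passwd || { echo "FAIL: /etc/passwd"; rc=1; }
    if ftp_uid=$(id -u ftp 2>/dev/null); then
        ftp_home=$(awk -F: '$1 == "ftp" {print $6}' /etc/passwd)
        ftp_root_ok "$ftp_home" "$ftp_uid" || { echo "FAIL: FTP root $ftp_home"; rc=1; }
    fi
    if [ -r /etc/exports ]; then
        bad=$(world_rw_exports /etc/exports)
        [ -z "$bad" ] || { echo "FAIL: world read-write exports: $bad"; rc=1; }
    fi
    return $rc
}

if [ "${1:-}" = "--run" ]; then run_unix_checks; fi
```

Run the script with --run to check the local machine; the individual functions take paths so they can also be pointed at a mounted image or a copy of the files.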