Full Disclosure mailing list archives

Re: Need help in performing a remote vulnerability scan


From: Mike Barushok <mikehome () kcisp net>
Date: Thu, 26 Feb 2004 00:08:46 -0600 (CST)



On Wed, 25 Feb 2004, Scott Connors wrote:



Hello:

I work for a manufacturing company that has many remote sites.

A question you will need to find the answer to is:
 What is the potential downside if information that is private,
 proprietary, company confidential, or belongs to vendors or
 to customers is disclosed and not known to have been leaked?

 In other words, it would be bad to find out there had been a
 security breach. It would be worse to find out only after a
 competitor had developed a product or service as if they knew
 what your company had planned for the future. It also would be
 bad if your customers were approached by your competition with
 information about their plans that had only been shared with
 your company. And, what if your vendors decided your finances,
 or your practices for bidding, or some other internal procedures
 were completely known to them?

 These are things that determine the 'value' of information
 security, and that should determine how much your company will
 'gain' from spending money now to prevent.


I am in the US and I have been tasked with performing vulnerability 
assessments for about 30 remote sites in Europe, AsiaPac and South America.

As an overall sloppy way to see the likelihood of having already suffered
a major breach of security, that might not be a bad element in a
larger strategy. Only if it is seen as 'how likely is it that
amateur bad guys have already raped, pillaged and plundered us'.


Can anyone recommend a method and set of tools that I can use to do them 
remotely?

Standard script-kiddie tools would tell you whether the 'standard
script kiddies' already 'own' you. If you run something like
nessus, and see vulnerabilities, you can safely conclude that the
exploits for those vulnerabilities have been tried by others.


What I was thinking of was if there was an agent they could load remotely.  
Or possibly I could send them a CD-ROM; have them run the tool, and then 
send the output back to me in the USA.

That would be a local, rather than a remote, test. While both are
needed, and in fact most breaches of authorized access are
'local', is that what you have actually been tasked to do?

To the extent that you may be working for PHB's, you might want
to make sure you are not about to be a Dilbert.

(See if you can find the Dilbert from Sunday, January 10, 2004).



Thanks,
Scott
scottoconnors () hotmail com


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

