Full Disclosure mailing list archives
Gate
From: Aycan iRiCAN <aycan.irican () core gen tr>
Date: Sun, 11 May 2008 16:08:35 +0300
An officially declared open hole. http://www.cit.nih.gov/Support/FAQ/Fdcc/

31. What's the proper configuration of the Windows XP personal firewall to allow for configuration scanning by the NIH Incident Response Team (NIH IRT)?

As part of this program, OMB also requires verification of compliance with FDCC requirements using Security Content Automation Protocol (SCAP) scanning tools. NIH and HHS are in the process of acquiring SCAP technology which will allow ICs to check their configurations as well as to provide reports to HHS and to the HHS Office of the Inspector General (OIG) upon request.

Due to Windows XP firewall limitations, the capability to allow authorized scanning tools to audit systems for vulnerabilities is not feasible in light of FDCC. Scanning for vulnerabilities using traditional methods will be supplemented with the IRT's capability to conduct configuration scans of desktops and laptops using SCAP tools. The addition of these configuration audits along with the use of the Windows firewall will offset the risk of not using the traditional vulnerability scanning methods for workstations and laptops. Public-facing servers are not bound by FDCC and therefore traditional methods of vulnerability scanning will not be affected.

FDCC Firewall Configuration to support NIH IRT compliance scanning:

The File and Print Sharing and Server services must be enabled. With the Windows firewall enabled, the following ports must be enabled:

TCP 139
TCP 445
UDP 137
UDP 138

This document is at http://irm.cit.nih.gov/security/FDCC_Waivers.doc

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
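The FAQ quoted above tells administrators to open the four NetBIOS/SMB ports through the XP firewall but says nothing about limiting who may reach them, which is what makes the exception an "open hole" rather than a scanner allowance. The commands below are an added example, not part of the original post and not NIH's configuration: they show the unscoped exception the FAQ describes beside the same exception restricted to a single scanner address, using the XP SP2/SP3 `netsh firewall` context. The scanner address 192.0.2.10 and the rule names are placeholder assumptions; substitute the real IRT scanner host or subnet.

```batch
@echo off
:: Added example (not from the FDCC FAQ). Run in an elevated cmd.exe on Windows XP SP2/SP3.
:: The scanner address below is an assumed placeholder, not a real NIH IRT host.
set SCANNER=192.0.2.10

:: --- Weak form (what the FAQ text amounts to) ---
:: File and Print Sharing exception reachable from ANY address: 137/udp, 138/udp, 139/tcp, 445/tcp
:: become reachable by every host on every network the laptop ever connects to.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=ALL profile=ALL

:: --- Scoped form (same ports, only from the scanner) ---
:: scope=CUSTOM with an explicit address list limits the exception to the scanner host;
:: addresses= accepts a comma-separated list of IPs, subnets in CIDR form, or LocalSubnet.
netsh firewall set service type=FILEANDPRINT mode=ENABLE scope=CUSTOM addresses=%SCANNER% profile=ALL

:: Equivalent per-port rules, for sites that prefer explicit port openings over the
:: predefined service exception (names are assumed labels):
netsh firewall set portopening protocol=UDP port=137 name="NetBIOS-NS (IRT scan)" mode=ENABLE scope=CUSTOM addresses=%SCANNER%
netsh firewall set portopening protocol=UDP port=138 name="NetBIOS-DGM (IRT scan)" mode=ENABLE scope=CUSTOM addresses=%SCANNER%
netsh firewall set portopening protocol=TCP port=139 name="NetBIOS-SSN (IRT scan)" mode=ENABLE scope=CUSTOM addresses=%SCANNER%
netsh firewall set portopening protocol=TCP port=445 name="SMB (IRT scan)" mode=ENABLE scope=CUSTOM addresses=%SCANNER%

:: Verify: the listing should show the exception with scope "Custom" and the scanner
:: address, not "All". Anything still showing scope "All" is the original hole.
netsh firewall show config
netsh firewall show state
```

The scoped form still depends on source-address filtering, which spoofing or a compromised host on the scanner's subnet can bypass, so it narrows the exposure rather than removing it; it is, however, strictly better than the any-source exception the FAQ describes, and it keeps the ports closed on the Standard profile if `profile=DOMAIN` is used instead of `profile=ALL` so that laptops off the NIH network expose nothing.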