Penetration Testing mailing list archives
Performing a Security Audit
From: Dustin Puryear <dpuryear () usa net>
Date: 07 Sep 2001 16:23:04 -0500
A client I work for has requested that I perform a security review of a cluster that I am helping them on. I have experience in hardening systems, but I do NOT have experience in performing a formal top-down review. I scanned the pen-test archives, including the recent "Security Audit" thread, but didn't find anything that had a subject line that caught my eye. Also, I tried using the security-focus.com search tool, but it reports it is not available "at this time." Oh well on that front. Can anyone provide links to sites or books or just be helpful by providing information on how a security review is approached? I am not really looking for information on analyzing a particular system or trying to exploit a given service--that information is more than readily available on the net and at the bookstore. Rather, I would like an overview of how a security audit is performed. Something on the lines of: o Create Security Audit Outline 1. List items to be evaluated o web service o smtp ... ... o Review AU, InfoSec, and XYZ Policies o Perform System Analysis 1. Determine running services o http o smtp o Attempt Exploits ... Also, how should results be organized? How are reports organized? And what about checklists? Etc, etc. Any help would be appreciated! Regards, Dustin -- Dustin Puryear <dpuryear () usa net> http://members.telocity.com/~dpuryear In the beginning the Universe was created. This has been widely regarded as a bad move. - Douglas Adams ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Performing a Security Audit Dustin Puryear (Sep 07)
- Re: Performing a Security Audit bacano (Sep 10)
- Message not available
- Re: Performing a Security Audit Dustin Puryear (Sep 10)