Penetration Testing mailing list archives
RE: System Security Audits
From: "J. Oquendo" <sil () politrix org>
Date: Mon, 1 Dec 2003 14:01:14 -0500 (EST)
<two cents> Should you decide to go with something of a `portable` Antivirus tool check out NAI's 'Stinger' if you haven't already. It fits on a floppy and is constantly updated. As for `skid's' response, it would not be that complicated if CDR's were used although it would be cumbersome to keep updating the recordable CD. As per Peteris' comment on permissions, if in an environment where you're doing a pen-test, a machine allows you to boot from say a floppy, or cd, I would say you would have more to worry about than a virus. I take this post as meaning you're doing a pen test to check "SECURITY" on a machine, and a machine that is supposed to be `secure' should not allow anyone to boot from `disposables' (if you will) </two cents>
Trojans/Viruses etc. are constantly changing things. Making a CD will mean you'll have to make a new CD all the time to keep up-to-date with the changes, sounds like one big mess to me.

-----Original Message-----
From: Peteris Krumins [mailto:newsgroups () lf lv]
Sent: Saturday, November 29, 2003 12:01 AM
To: pen-test () securityfocus com
Subject: System Security Audits

Hello,

I have a question about doing system (Windows) security audits. By system security audits I mean things like checking if computer is free of malware, trojans, viruses, if user has appropriate permissions (not too high or to say if user has restrictive permissions) etc.

I have a couple of ideas which I could use, one is to create a universal CD with all the stuff needed. Everything is on the CD, nothing will be installed on the client's computer. The Audit Team just puts CD in, runs applications and that's it.

The other is to boot from a CD on the client's computer which would bring us to some different environment (probably linux). As booted mount the filesystems and do all the audit stuff from such environment.

Or, please, suggest any other methods that could be used.

P.Krumins
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . org http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How do you know where I'm at when you haven't been where I've been understand where I'm coming from" -- Cypress Hills