RE: Nessus/keyloggers

["Manuel Lanctôt" <inventaire () novalis-inc com>]

> -----Message d'origine-----
> De : netsec novice [mailto:netsec9 () hotmail com]
> Envoyé : 7 août, 2003 21:35
> À : security-basics () securityfocus com
> Objet : Nessus/keyloggers
>
>
> I would like to demonstrate the importance of physical security to
> management by presenting information I was able to easily obtain by
> accessing one of our 'publically' available PCs residing on our private
> network.  What I had in mind was to run a keylogger and perhaps
> nessus from
> a machine for a short period of time and present the output.  I pictured
> installing a keylogger and a reconaissance type tool on a
> thumbdrive - leave
> it there for a period of days and then retrieve.  Does anyone have
> suggestions on a keylogger or nessus type tool that could be easily
> installed on portable media that could then be carried away for
> analysis?  I
> want to provide as realistic scenario as possible.  IE - someone leaves a
> thumb drive attached for a day for keylogger or someone walks in
> and powers
> the PC off and then boots of a Linux based CD to run a scan and
> then easily
> collects data?
>
> Thanks for any ideas!!

Just so you know, the bootable Linux distro Knoppix [http://www.knoppix.org]
has nessus/nessusd included, as well as many other networks auditing and
security apps.

--
Manuel Lanctôt


---------------------------------------------------------------------------
----------------------------------------------------------------------------