Security Basics mailing list archives

FW: Auditing a Win2K box

From: "David Nardoni" <dnardoni () sbcglobal net>
Date: Thu, 7 Oct 2004 09:15:09 -0700

 I would recommend using a framework for your audit such as
http://www.isecom.org/osstmm/

If you are looking for tools try http://www.insecure.org/tools.html

Also, if you are looking for exploiting the server try :
http://www.metasploit.com/projects/Framework/

Many of the hacking exposed books, especially the ones geared toward W2K or
W2003 speak about the tools you are looking for and how to use them.


Dave Nardoni CISSP
First Response Consulting Services, Inc.
dnardoni () firstresponseconsulting com

-----Original Message-----
From: xyberpix [mailto:xyberpix () xyberpix com] 
Sent: Tuesday, October 05, 2004 9:18 AM
To: Security Basics[List]
Subject: Auditing a Win2K box

Hi All,

I've been asked to audit a Win2k server, and being used to *nix boxes, I
could really do with some pointers here. Aside from Nessus,nmap and the
likes thereof, can anyone please point me to some decent software(preferably
free), and or docs/sites to do a security audit of a Win2k Server, and the
various things to look out for?

TIA

xyberpix

--
For security and Opensource news check out:
http://xyberpix.demon.co.uk

Current thread:

RE: Auditing a Win2K box Ferino Mardo (Oct 07)
- <Possible follow-ups>
- Re: Auditing a Win2K box H Carvey (Oct 07)
- FW: Auditing a Win2K box David Nardoni (Oct 07)
- RE: Auditing a Win2K box Jason Allred (Oct 07)
- RE: Auditing a Win2K box Brad Moldenhauer (Oct 08)
  - Re: Auditing a Win2K box Mitchell Rowton (Oct 12)