RE: Auditing a Win2K box

["Brad Moldenhauer" <totti540 () hotmail com>]

This is another tool that I have never used personally, but was designed by 
an IT Integrator.  It allows you to customize the checklist of whatever OS 
you are attempting to scan in a Windows environment.  I don't know what the 
availability of this application is, but it appears to be a customized 
version of the MBSA.

http://csrc.nist.gov/checklists/presentations/panel3-vendor_session-business_case_analysis_for_checklist_development/Ferguson.pdf

From: "Ferino Mardo" <RMardo () ALJOMAIHBEV com>
To: <security-basics () securityfocus com>
Subject: RE: Auditing a Win2K box
Date: Thu, 7 Oct 2004 11:24:14 +0300

to start with, you can use MBSA (MS baseline security audit), then get
superscan4 from foundstone.com or checkout the security audit/scanner
from www.gfi.com.

all of the above are free except the ones from GFI which are actually
full working version for 30 days.

hth.

> -----Original Message-----
> From: xyberpix [mailto:xyberpix () xyberpix com]
> Sent: Tuesday, October 05, 2004 07:18 PM
> To: Security Basics[List]
> Subject: Auditing a Win2K box
>
>
> Hi All,
>
> I've been asked to audit a Win2k server, and being used to
> *nix boxes, I could really do with some pointers here. Aside
> from Nessus,nmap and the likes thereof, can anyone please
> point me to some decent software(preferably free), and or
> docs/sites to do a security audit of a Win2k Server, and the
> various things to look out for?
>
> TIA
>
> xyberpix
>
> --
> For security and Opensource news check out:
> http://xyberpix.demon.co.uk
>
>