A note on CIS and some new tools

[mnemonix () GLOBALNET CO UK (David Litchfield (Cerberus Information Security, Ltd))]

Hi All,
Due to a few requests I've posted some new auditing tools on the Cerberus
website:

nbtdump
This will dump NetBIOS information from your NT 4, Windows 2000 and Samba
servers. Runs on Windows NT 4 and 2000 only.

rpcdump
This will dump SUN RPC information from a *NIX machine (like running
rpcinfo -p host from a *nix shell prompt.) Runs on Windows 95, 98, NT and
2000.

webscan
A web scanner that scan for known security issues in your web servers be
they IIS, Apache, Netscape or whatever. Runs on Windows 95, 98, NT and 2000.

These tools are really just parts of our CIS security scanner but by
splitting some of the parts up we're able to cover more platforms from which
audits can be run and of course these tools and CIS are available from
http://www.cerberus-infosec.co.uk/

A note on CIS
***********
For those that are getting incorrect information about password issues - log
onto the the local machine and not the domain and then run the scanner. This
will stop this - seems like an MS API call not doing what it's supposed to
do ;-)

The website has also been changed and updated - if anyone doesn't like the
colours don't blame me - I'm colour blind ;-)

Cheers,
David Litchfield
Cerberus Information Security, Ltd
http://www.cerberus-infosec.co.uk/