Full Disclosure mailing list archives
Re: Vulnerability Scans
From: Michael Sconzo <msconzo () tamu edu>
Date: Tue, 2 Dec 2003 16:01:57 -0600
There is a really nice tool that works quite well on various Unix flavors. It was originally released by Texas A&M University, and is now maintained over at http://savannah.nongnu.org/projects/tiger

I would suggest looking at some of their checks, as well as seeing how they are done for Unix.

As for Windows, I have a bit less knowledge about it, but the MSBA seems to work reasonably well for the basics.

Hope this provides some good starting points.

-=Mike

On Tue, Dec 02, 2003 at 01:28:05PM -0700, Robert Raver wrote:
Hey,

I am doing a report on vulnerability scans and what should be included in it. I came up with a list of what I think should be included in a scan for different operating systems. Wondering if you guys could direct me to pages that can inform me or give me your ideas. Below are the lists I created. This is for a scan on a single machine and is mostly targeted towards Unix/Linux machines. Let me know.

This section lists the Unix system security criteria:

1. /etc/passwd not world-writable
2. No unnecessary services running
3. FTP directory not writable by user anonymous
4. NFS not configured to be world-writable
5. Passwords not crackable by dictionary attack
6. .
7. .

1.1.1 Windows System Security Criteria

This section lists the Windows system security criteria:

1. Guest account disabled
2. No unnecessary services running
3. System patched with most recent applicable hot fixes
4. Passwords not crackable by dictionary attack

I have also included a port/services scan using nessus and the SANS Top 20 list.

Thanks,
Robert Raver
--
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.

But let your communication be Yea, yea; nay, nay: for whatsoever is more
than these cometh of evil.
                -- Matthew 5:37
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
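
Added example, not part of the original thread and not code from Tiger: a POSIX shell sketch of local checks for Unix criteria 1, 3 and 4 in the list above. The function names are hypothetical, the anonymous FTP account is assumed to be named "ftp", the exports parsing assumes Linux exports(5) syntax without line continuations, and criterion 4 is interpreted here as "exported read-write to any host".

```shell
#!/bin/sh
# Added example: local checks for Unix criteria 1, 3 and 4 from the list above.
# File locations are parameters so the checks can be run against copies.

# Criterion 1 helper: true if the path (symlinks followed) has other-write set.
is_world_writable() {
    [ -n "$(find -L "$1" -prune -perm -0002 -print 2>/dev/null)" ]
}

# Criterion 3: true if the "ftp" account (assumed name) in passwd file $1 can
# write to its home directory: world-writable, or owned by that uid with u+w.
anon_ftp_home_writable() {
    entry=$(awk -F: '$1 == "ftp" { print $3 ":" $6; exit }' "$1" 2>/dev/null)
    [ -n "$entry" ] || return 1          # no anonymous FTP account present
    ftp_uid=${entry%%:*}
    ftp_home=${entry#*:}
    [ -n "$(find -L "$ftp_home" -prune \( -perm -0002 -o \
        \( -user "$ftp_uid" -perm -0200 \) \) -print 2>/dev/null)" ]
}

# Criterion 4 (interpretation, see lead-in): print each path in exports file $1
# that has a "*(...rw...)" or host-less "(...rw...)" client entry.
world_rw_exports() {
    awk '/^[ \t]*(#|$)/ { next }
         { for (i = 2; i <= NF; i++)
             if ($i ~ /^\*?\(([^)]*,)?rw(,[^)]*)?\)$/) { print $1; break } }' \
        "$1" 2>/dev/null
}

# Run all three checks; prints one FAIL line per finding, returns the count.
audit() {   # usage: audit PASSWD_FILE EXPORTS_FILE
    fails=0
    if is_world_writable "$1"; then
        echo "FAIL: $1 is world-writable"; fails=$((fails + 1))
    fi
    if anon_ftp_home_writable "$1"; then
        echo "FAIL: ftp home is writable by the ftp account"; fails=$((fails + 1))
    fi
    for p in $(world_rw_exports "$2"); do
        echo "FAIL: $p is exported read-write to all hosts"; fails=$((fails + 1))
    done
    return "$fails"
}

# Typical read-only invocation on the machine being assessed:
#   audit /etc/passwd /etc/exports
```

The checks only read file modes and configuration, so they can be run as an unprivileged user on the machine being assessed.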