Full Disclosure mailing list archives

Re: Vulnerability Scans

From: Michael Sconzo <msconzo () tamu edu>
Date: Tue, 2 Dec 2003 16:01:57 -0600

There is a really nice tool, that works quite well on various Unix flavors.
It was originally released by Texas A&M University, and is now
maintained over at http://savannah.nongnu.org/projects/tiger

I would suggest looking at some of their checks, as well as seeing
how they are done for unix.

As for windows I have a bit less knowledge about..but the MSBA is
seems to work reasonably well for the basics.

Hope this provides some good starting points.

-=Mike

On Tue, Dec 02, 2003 at 01:28:05PM -0700, Robert Raver wrote:

Hey,

 

I am doing a report on vulnerability scans and what should be included in
it.  I came up with a list of what I think should be included in a scan for
in different operating systems.  Wondering if you guys could direct me to
pages that can inform me or give me your ideas.  Below is the lists I
created.  This is for a scan on a single machine and is mostly targeted
towards Unix/Linux machines.  Let me know.

 

            This section lists the Unix system security criteria:

1.      /etc/passwd not world-writable

2.      No unnecessary services running

3.      FTP directory not writable by user anonymous

4.      NFS not configured to be world-writable

5.      Passwords not crackable by dictionary attack

6.      .

7.      .

 


1.1.1   Windows System Security Criteria


            This section lists the Windows system security criteria:

1.      guest account disabled

2.      No unnecessary services running

3.      System patched with most recent applicable hot fixes

4.      Passwords not crackable by dictionary attack

 

I have also included a port/services scan using nessus and the SANS Top 20
list.

 

 

Thanks,

Robert Raver


-- 
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Vulnerability Scans Robert Raver (Dec 02)
- Re: Vulnerability Scans Michael Sconzo (Dec 02)
- <Possible follow-ups>
- RE: Vulnerability Scans hugh_fraser (Dec 03)