Full Disclosure mailing list archives
RE: Vulnerability Scans
From: <hugh_fraser () dofasco ca>
Date: Wed, 3 Dec 2003 10:59:44 -0500
You've mentioned Nessus for port scans... it can do a lot of vulnerability checks as well, viewing the system from the outside. In the Unix realm, have a look at COPS and Tiger for security audits for a perspective from within the host. They're pretty aggressive at doing exactly what you're asking for. The advantage to using one of the tools, of course, is that you benefit from the cumulative knowledge of all the people who've contributed to them, rather than trying to re-invent the wheel yourself.

I'd also recommend using a tool like Tripwire or Samhain to do a baseline of the original system and then include it in subsequent audits to identify changes.

In the Windows environments, include Microsoft's own Baseline Analyzer.

-----Original Message-----
From: Robert Raver [mailto:rraver () ipconsole com]
Sent: Tuesday, December 02, 2003 3:28 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Vulnerability Scans

Hey,

I am doing a report on vulnerability scans and what should be included in it. I came up with a list of what I think should be included in a scan for different operating systems. Wondering if you guys could direct me to pages that can inform me or give me your ideas. Below are the lists I created. This is for a scan on a single machine and is mostly targeted towards Unix/Linux machines. Let me know.

This section lists the Unix system security criteria:

1. /etc/passwd not world-writable
2. No unnecessary services running
3. FTP directory not writable by user anonymous
4. NFS not configured to be world-writable
5. Passwords not crackable by dictionary attack
6. ...
7. ...

1.1.1 Windows System Security Criteria

This section lists the Windows system security criteria:

1. Guest account disabled
2. No unnecessary services running
3. System patched with most recent applicable hot fixes
4. Passwords not crackable by dictionary attack

I have also included a port/services scan using Nessus and the SANS Top 20 list.

Thanks,
Robert Raver
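The baseline-then-re-audit approach recommended in the reply, combined with the world-writable check from the criteria list, shown as an added Python example. It is not part of the original thread and is not how Tripwire or Samhain are implemented; the function names and the sample directory tree are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file under root to (sha256 hex digest, permission bits)."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root)] = (digest, stat.S_IMODE(st.st_mode))
    return state

def audit(baseline, current):
    """Compare two snapshots; return sorted (kind, path) findings."""
    findings = [("removed", p) for p in baseline.keys() - current.keys()]
    for path, (digest, mode) in current.items():
        if path not in baseline:
            findings.append(("added", path))
        else:
            old_digest, old_mode = baseline[path]
            if digest != old_digest:
                findings.append(("content-changed", path))
            if mode != old_mode:
                findings.append(("mode-changed", path))
        if mode & stat.S_IWOTH:  # criterion 1: nothing world-writable
            findings.append(("world-writable", path))
    return sorted(findings)

def demo():
    """Constructed sample tree standing in for a host's /etc."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("passwd", "root:x:0:0::/root:/bin/sh\n"),
                           ("hosts", "127.0.0.1 localhost\n")):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
            os.chmod(os.path.join(root, name), 0o644)
        baseline = snapshot(root)                       # taken on the known-good system
        os.chmod(os.path.join(root, "passwd"), 0o666)   # permission drift
        with open(os.path.join(root, "hosts"), "a") as fh:
            fh.write("10.0.0.5 build\n")                # content drift
        open(os.path.join(root, "new.conf"), "w").close()
        os.chmod(os.path.join(root, "new.conf"), 0o600)
        return audit(baseline, snapshot(root))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

In real use the baseline has to be stored where the audited host cannot modify it, otherwise a change to the system can be hidden by changing the baseline as well.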