Penetration Testing mailing list archives
Re: [PEN-TEST] ForixNT, the NT Audit Toolkit
From: H Carvey <keydet89 () YAHOO COM>
Date: Thu, 31 Aug 2000 09:31:25 -0000
Just been looking at the ForixNT example and in
comparison to other NT
agentless products such as STAT and
SecurityExpressions it seems a little
weak.
Interesting..."weak" how? How is being able to update say, your Domain Account Policies, across the enterprise, "weak"? And being able to do so based on any aspect of the system...type, IP address, etc? How is providing an easy means for an NT administrator to perform regular scans to ensure compliance with policies "weak"? Let me through this out...you looked at the example.txt file and figured that was all that ForixNT is capable of. ForixNT is a toolkit for performing audits and updates...based on the needs to of the NT administrator. Given the model and design, it's far easier to update. Most commercial tools are moving to a live update feature...but suppose you need something specific to your infrastructure, such as a particular Registry setting (or several) set and checked. How do you get the commercial company to release an update just for you? Keep in mind that the more popular commercial scanning tools will report vulnerabilities based on some arbitrary determination of what a "vulnerability" is...ForixNT is far more flexible and extensible, and allows the NT administrator to use the tool to meet the needs of the infrastructure, rather than the other way around. H. Carvey Lead Developer, ForixNT
Current thread:
- [PEN-TEST] ForixNT, the NT Audit Toolkit H Carvey (Aug 29)
- Re: [PEN-TEST] ForixNT, the NT Audit Toolkit Talisker (Aug 30)
- <Possible follow-ups>
- Re: [PEN-TEST] ForixNT, the NT Audit Toolkit H Carvey (Aug 31)
- Re: [PEN-TEST] ForixNT, the NT Audit Toolkit Teicher, Mark (Aug 31)
- Re: [PEN-TEST] ForixNT, the NT Audit Toolkit Talisker (Aug 31)
- Re: [PEN-TEST] ForixNT, the NT Audit Toolkit H Carvey (Aug 31)
- Re: [PEN-TEST] ForixNT, the NT Audit Toolkit H Carvey (Aug 31)