Penetration Testing mailing list archives

Re: [PEN-TEST] ForixNT, the NT Audit Toolkit


From: Talisker <Talisker () NETWORKINTRUSION CO UK>
Date: Thu, 31 Aug 2000 19:17:29 +0100

H

I should have elaborated: there seems to be no autofix or reports, and the
examples of what is audited seem limited in comparison to the likes of STAT
and SecurityExpressions.  That being said, we had a long conversation at work;
I didn't realise that it was open source, a real bonus in my opinion.

Furthermore, having spoken to someone from the company last night, IT'S CHEAP,
another bonus.  I didn't mean for my statement to sound derogatory; I was
merely giving my first impression.

That being said, I have been looking at agentless NT scanners for a while
now; the main contenders seem to be SecurityExpressions and STAT. In
addition, ISS Internet Scanner will allegedly scan a host if presented with
an admin account.

> Interesting..."weak" how?  How is being able to
> update say, your Domain Account Policies, across
> the enterprise, "weak"?  And being able to do so
> based on any aspect of the system...type, IP
> address, etc?

STAT and SecurityExpressions will do similar; you can group machines of a
particular type, i.e. you can audit workstations to one ruleset, servers to
another.

> How is providing an easy means for an NT
> administrator to perform regular scans to ensure
> compliance with policies "weak"?

Without autofix, can you ensure compliance? You can observe compliance and
recommend changes.

STAT and SecurityExpressions will do similar.

> Let me throw this out...you looked at the
> example.txt file and figured that was all that
> ForixNT is capable of.  ForixNT is a toolkit for
> performing audits and updates...based on the needs
> of the NT administrator.  Given the model and
> design, it's far easier to update.  Most
> commercial tools are moving to a live update
> feature...but suppose you need something specific
> to your infrastructure, such as a particular
> Registry setting (or several) set and checked.
> How do you get the commercial company to release
> an update just for you?

STAT and SecurityExpressions will do similar. Included with
SecurityExpressions are the US Navy audits for workstations, servers and
domain controllers, and a SANS audit.  These can be altered to fit your own
organisation.  Moreover, the autofix feature will ensure an exact compliance
throughout your enterprise.  I believe STAT is similar, but until they
provide a FULL eval I haven't really touched it.  STAT also gives a fuller
analysis of the vulnerability and grades the significance of the
vulnerability.

> Keep in mind that the more popular commercial
> scanning tools will report vulnerabilities based
> on some arbitrary determination of what a
> "vulnerability" is...ForixNT is far more flexible
> and extensible, and allows the NT administrator to
> use the tool to meet the needs of the
> infrastructure, rather than the other way around.


See my last paragraph



www.networkintrusion.co.uk Listing all known commercial IDS

The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: "H Carvey" <keydet89 () YAHOO COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Thursday, August 31, 2000 10:31 AM
Subject: Re: [PEN-TEST] ForixNT, the NT Audit Toolkit



> Just been looking at the ForixNT example and in
> comparison to other NT
> agentless products such as STAT and
> SecurityExpressions it seems a little
> weak.

Interesting..."weak" how?  How is being able to
update say, your Domain Account Policies, across
the enterprise, "weak"?  And being able to do so
based on any aspect of the system...type, IP
address, etc?

How is providing an easy means for an NT
administrator to perform regular scans to ensure
compliance with policies "weak"?

Let me throw this out...you looked at the
example.txt file and figured that was all that
ForixNT is capable of.  ForixNT is a toolkit for
performing audits and updates...based on the needs
of the NT administrator.  Given the model and
design, it's far easier to update.  Most
commercial tools are moving to a live update
feature...but suppose you need something specific
to your infrastructure, such as a particular
Registry setting (or several) set and checked.
How do you get the commercial company to release
an update just for you?

Keep in mind that the more popular commercial
scanning tools will report vulnerabilities based
on some arbitrary determination of what a
"vulnerability" is...ForixNT is far more flexible
and extensible, and allows the NT administrator to
use the tool to meet the needs of the
infrastructure, rather than the other way around.

H. Carvey
Lead Developer, ForixNT


