Penetration Testing mailing list archives

RE: System Security Audits


From: "J. Oquendo" <sil () politrix org>
Date: Mon, 1 Dec 2003 14:01:14 -0500 (EST)

<two cents>
Should you decide to go with something of a `portable` Antivirus tool,
check out NAI's 'Stinger' if you haven't already. It fits on a floppy and
is constantly updated. As for `skid's' response, it would not be that
complicated if CDRs were used, although it would be cumbersome to keep
updating the recordable CD.

As per Peteris' comment on permissions: if, in an environment where you're
doing a pen-test, a machine allows you to boot from, say, a floppy or CD, I
would say you would have more to worry about than a virus. I take this
post as meaning you're doing a pen test to check "SECURITY" on a machine,
and a machine that is supposed to be `secure' should not allow anyone to
boot from `disposables' (if you will).

</two cents>


Trojans/Viruses etc. are constantly changing things. Making a CD will
mean you'll have to make a new CD all the time to keep up-to-date with
the changes, sounds like one big mess to me.

-----Original Message-----
From: Peteris Krumins [mailto:newsgroups () lf lv]
Sent: Saturday, November 29, 2003 12:01 AM
To: pen-test () securityfocus com
Subject: System Security Audits



 Hello,

  I have a question about doing system (Windows) security
  audits.
  By system security audits I mean things like checking if the computer
  is free of malware, trojans and viruses, if the user has appropriate
  permissions (not too high, or, to put it another way, if the user has
  restrictive permissions), etc.

  I have a couple of ideas which I could use. One is to create
  a universal CD with all the stuff needed. Everything is on the
  CD, nothing will be installed on the client's computer.
  The Audit Team just puts the CD in, runs the applications and that's it.

  The other is to boot from a CD on the client's computer
  which would bring us to some different environment (probably
  Linux). Once booted, mount the filesystems and do all the
  audit stuff from such an environment.

  Or, please, suggest any other methods that could be used.


P.Krumins


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . org    http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How do you know where I'm at when you haven't been where I've
been understand where I'm coming from" -- Cypress Hills


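The second approach in the original question (boot the client machine from a CD into Linux, mount its filesystems, and audit from there) is usually done as an offline integrity check: hash the files on the mounted volume and compare against a manifest taken from a known-clean build. The script below is an added example written for this page; it is not code from either poster or from any product named in the thread. It assumes a Linux boot environment with GNU coreutils (sha256sum, find, sort, mktemp) and awk, and that the client volume has already been mounted read-only at a path of your choosing (the `demo` function stands in a constructed temporary tree for that mount, so it runs without any real Windows disk). The file names under System32 in the demo are constructed sample data, not real findings.

```shell
#!/bin/sh
# Offline file-integrity audit from a Linux boot CD.
# Added example for this thread, not the posters' code.
# Assumptions: GNU coreutils + awk on the boot CD; the target volume is
# mounted read-only somewhere (the demo below fabricates a tree instead).

# make_manifest DIR OUT
#   Write "sha256  ./relative/path" for every regular file under DIR,
#   sorted by path so two manifests line up for comparison.
make_manifest() {
    dir=$1; out=$2
    ( cd "$dir" && find . -type f | LC_ALL=C sort | while IFS= read -r f; do
          sha256sum "$f"
      done ) > "$out"
}

# compare_manifests BASELINE CURRENT
#   One line per difference:
#     ADDED path     present now, absent from the baseline (dropped file)
#     MODIFIED path  hash changed (patched/trojaned binary)
#     REMOVED path   in the baseline but gone now
#   The path is taken with substr() from column 67 (64 hex chars + 2 spaces)
#   so file names containing spaces are handled correctly.
compare_manifests() {
    awk '
        FILENAME == ARGV[1] { base[substr($0, 67)] = $1; next }
        {
            p = substr($0, 67)
            if (!(p in base))        print "ADDED " p
            else if (base[p] != $1)  print "MODIFIED " p
            seen[p] = 1
        }
        END { for (p in base) if (!(p in seen)) print "REMOVED " p }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo
#   Build a constructed stand-in for a mounted Windows volume, take a
#   baseline, then plant the three kinds of change an audit should catch.
#   Prints the comparison result (3 lines) and cleans up.
demo() {
    work=$(mktemp -d)
    sys="$work/vol/Windows/System32"
    mkdir -p "$sys"
    printf 'good service binary\n' > "$sys/svchost.exe"   # constructed sample
    printf 'good dll\n'            > "$sys/kernel32.dll"  # constructed sample
    make_manifest "$work/vol" "$work/baseline.txt"

    # Simulated changes on the "audited" machine:
    printf 'trojaned service binary\n' > "$sys/svchost.exe"  # modified
    printf 'dropper\n'                 > "$sys/evil.dll"     # added
    rm "$sys/kernel32.dll"                                   # removed
    make_manifest "$work/vol" "$work/current.txt"

    compare_manifests "$work/baseline.txt" "$work/current.txt"
    rm -rf "$work"
}

demo
```

Against a real client machine the sequence is the same with the demo tree replaced by the mounted disk: mount the system partition with `mount -o ro,noexec /dev/sdXN /mnt/target`, run `make_manifest /mnt/target/WINDOWS/system32 current.txt`, and compare against a `baseline.txt` produced earlier from a clean install of the same build and patch level. Mounting read-only keeps the audit from altering evidence, and because the Windows kernel is not running, a rootkit that hides files from tools executed on the live system cannot hide them here. This only addresses the malware half of the question; checking user permissions from the offline side means reading the SAM and SECURITY hives, which this script does not attempt.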