Vulnerability Development mailing list archives

Security auditing of network infrastructure

From: marti () VIDEOTRON CA (Martin M Samson)
Date: Sat, 11 Mar 2000 20:06:02 -0500


Good day to all,

We are currently in the process of auditing the vulnerability of
our network. We are using tools like ESS Internet Scanner and so
on, but do you know of recent written procedures for auditing
network infrastructure? We've looked at some stuff from the US
navy, but it was obsolete.

We are doing an indepth auditing from each and every server,
applications (of the shelf and "home made") on those servers,
routers, firewall etc. We have the expertise on site (network
managers, developpers etc.) but no security specialist. I don't
want to rely only on network specialist, there must be some
references we could use as a lead...

Thanks for your input!

Mart!

PS: By the way I would like to thank all those that gave their
opinion on my previous posting about "Raptor", it was greatly
appreciated.

Current thread:

NT 4.0 (Workstation) Logon Authentication Vulnerability, (continued)
- - - NT 4.0 (Workstation) Logon Authentication Vulnerability jhw1970 () HOTMAIL COM (Mar 14)
    - Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Phil Cox (Mar 14)
    - Re: NT 4.0 (Workstation) Logon Authentication Vulnerability Maxime Rousseau (Mar 15)
    - Re: MS Frontpage shtml.dll Path Leak Vulnerability Marc (Mar 14)
    - Re: Unwanted automagic processing (Was: Re: [Q] CORBA, IIOP) Simon Tamás (Mar 13)
    - (another) MS Outlook hole in embedded metafiles? Michael Wojcik (Mar 08)
    - Re: spoofing the ethernet address Pavel Kankovsky (Mar 09)
    - Extending the FTP "ALG" vulnerability to any FTP client Mikael Olsson (Mar 10)
    - DoS in ArGoSoft FTP Server, Version 1.04 (1.0.4.4) for win* Knud Erik Hřjgaard (Feb 11)
    - Re: Extending the FTP "ALG" vulnerability to any FTP client Dug Song (Mar 11)
    - Security auditing of network infrastructure Martin M Samson (Mar 11)
    - information being stored from cgi forms Bob Johnson (Mar 10)
    - Re: information being stored from cgi forms Crispin Cowan (Mar 10)
- Re: spoofing the ethernet address Timothy J. Miller (Mar 13)
- Re: spoofing the ethernet address Arnold, Jamie (Mar 14)
  - Re: spoofing the ethernet address John Flux (Mar 14)
  - Re: spoofing the ethernet address Juan M. Courcoul (Mar 15)
  - Linux Mandrake 6.1 PAM/userhelper exploit Paulo Ribeiro (Mar 16)
  - AIM 3.0 Buffer Overflow exploit lewkir () YAHOO COM (Mar 17)
    - Re: AIM 3.0 Buffer Overflow exploit Jamal Hendershot (Mar 19)
    - Re: AIM 3.0 Buffer Overflow exploit - - (Mar 21)

(Thread continues...)