
Re: [Full-Disclosure] Vulnerability Scans

From: Michael Sconzo <msconzo@tamu.edu>
Date: Tue Dec 02 2003 - 16:01:57 CST

There is a really nice tool that works quite well on various Unix flavors.
It was originally released by Texas A&M University, and is now
maintained over at http://savannah.nongnu.org/projects/tiger

I would suggest looking at some of their checks, as well as seeing
how they are done for Unix.

As for Windows, I have a bit less knowledge about it, but the MSBA
seems to work reasonably well for the basics.

Hope this provides some good starting points.

-=Mike

On Tue, Dec 02, 2003 at 01:28:05PM -0700, Robert Raver wrote:
> Hey,
>
> I am doing a report on vulnerability scans and what should be included in
> it. I came up with a list of what I think should be included in a scan for
> different operating systems. Wondering if you guys could direct me to
> pages that can inform me or give me your ideas. Below are the lists I
> created. This is for a scan on a single machine and is mostly targeted
> towards Unix/Linux machines. Let me know.
>
>
>
> This section lists the Unix system security criteria:
>
> 1. /etc/passwd not world-writable
>
> 2. No unnecessary services running
>
> 3. FTP directory not writable by user anonymous
>
> 4. NFS not configured to be world-writable
>
> 5. Passwords not crackable by dictionary attack
>
> 6. .
>
> 7. .
>
>
>
>
> 1.1.1 Windows System Security Criteria
>
>
> This section lists the Windows system security criteria:
>
> 1. Guest account disabled
>
> 2. No unnecessary services running
>
> 3. System patched with most recent applicable hot fixes
>
> 4. Passwords not crackable by dictionary attack
>
>
>
> I have also included a port/services scan using nessus and the SANS Top 20
> list.
>
>
>
>
>
> Thanks,
>
> Robert Raver
>
>
>

-- 
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.
        But let your communication be Yea, yea; nay, nay: for
        whatsoever is more than these cometh of evil.
                -- Matthew 5:37
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Tue Dec 02 16:43:25 2003

This archive was generated by hypermail 2.1.8 : Tue Dec 02 2003 - 17:01:00 CST
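
Items 1 and 3 of the quoted Unix list reduce to permission-bit checks. The sketch below is an added example, not part of the original thread and not code from Tiger; the function names, the temp-dir sample tree, and the uid/gid values standing in for the `ftp` account are all assumptions made for illustration.

```python
import os
import stat
import tempfile

def world_writable(path):
    """Item 1: True if the 'other' write bit is set (e.g. on /etc/passwd)."""
    return bool(os.stat(path).st_mode & stat.S_IWOTH)

def writable_by(path, uid, gids):
    """Classic Unix class rule: owner bits, else group bits, else other bits.
    ACLs and root's override are not modelled."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit(passwd_path, ftp_root, ftp_uid, ftp_gids):
    """Return findings for items 1 and 3 of the Unix list."""
    findings = []
    if world_writable(passwd_path):
        findings.append(f"{passwd_path} is world-writable")
    # Check every directory in the anonymous FTP tree, not just its root.
    for dirpath, _dirs, _files in os.walk(ftp_root):
        if writable_by(dirpath, ftp_uid, ftp_gids):
            findings.append(f"{dirpath} is writable by the anonymous FTP user")
    return findings

def demo():
    """Run the audit on a constructed tree in a temp dir (no real system files)."""
    with tempfile.TemporaryDirectory() as tmp:
        passwd = os.path.join(tmp, "passwd")
        open(passwd, "w").close()
        os.chmod(passwd, 0o666)                      # deliberately wrong
        modes = {"ftp": 0o755, "ftp/pub": 0o755, "ftp/incoming": 0o777}
        for rel, mode in modes.items():
            os.makedirs(os.path.join(tmp, rel), exist_ok=True)
            os.chmod(os.path.join(tmp, rel), mode)   # chmod ignores the umask
        # Assumed ids for the 'ftp' account: chosen so they never own the tree.
        ftp_uid, ftp_gids = os.getuid() + 1000, {os.getgid() + 1000}
        found = audit(passwd, os.path.join(tmp, "ftp"), ftp_uid, ftp_gids)
        return [f.replace(tmp, "") for f in found]

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real host the uid and primary gid would come from `pwd.getpwnam("ftp")` rather than the constructed values used in `demo()`.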
