[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] Vulnerability Scans

To: <full-disclosure@lists.netsys.com>
Subject: [Full-Disclosure] Vulnerability Scans
From: "Robert Raver" <rraver@ipconsole.com>
Date: Tue, 2 Dec 2003 13:28:05 -0700

Hey,

 

I am doing a report on vulnerability scans and what should be included in
it.  I came up with a list of what I think should be included in a scan for
in different operating systems.  Wondering if you guys could direct me to
pages that can inform me or give me your ideas.  Below is the lists I
created.  This is for a scan on a single machine and is mostly targeted
towards Unix/Linux machines.  Let me know.

 

            This section lists the Unix system security criteria:

1.      /etc/passwd not world-writable

2.      No unnecessary services running

3.      FTP directory not writable by user anonymous

4.      NFS not configured to be world-writable

5.      Passwords not crackable by dictionary attack

6.      .

7.      .

 


1.1.1   Windows System Security Criteria


            This section lists the Windows system security criteria:

1.      guest account disabled

2.      No unnecessary services running

3.      System patched with most recent applicable hot fixes

4.      Passwords not crackable by dictionary attack

 

I have also included a port/services scan using nessus and the SANS Top 20
list.

 

 

Thanks,

Robert Raver

Follow-Ups:
- Re: [Full-Disclosure] Vulnerability Scans
  - From: Michael Sconzo <msconzo@tamu.edu>

Prev by Date: [Full-Disclosure] Cisco Security Advisory: SNMP trap Reveals WEP Key in Cisco Aironet AP
Next by Date: [Full-Disclosure] "The Rotten File" ( XFTeam IRC Chat log - script kiddies - just for fun )
Previous by thread: [Full-Disclosure] Cisco Security Advisory: SNMP trap Reveals WEP Key in Cisco Aironet AP
Next by thread: Re: [Full-Disclosure] Vulnerability Scans
Index(es):
- Date
- Thread