Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

fulldisclosure logo Full Disclosure mailing list archives

Vulnerability Scans
From: "Robert Raver" <rraver () ipconsole com>
Date: Tue, 2 Dec 2003 13:28:05 -0700
Hey,

 

I am doing a report on vulnerability scans and what should be included in
it.  I came up with a list of what I think should be included in a scan for
in different operating systems.  Wondering if you guys could direct me to
pages that can inform me or give me your ideas.  Below is the lists I
created.  This is for a scan on a single machine and is mostly targeted
towards Unix/Linux machines.  Let me know.

 

            This section lists the Unix system security criteria:

1.      /etc/passwd not world-writable

2.      No unnecessary services running

3.      FTP directory not writable by user anonymous

4.      NFS not configured to be world-writable

5.      Passwords not crackable by dictionary attack

6.      .

7.      .

 


1.1.1   Windows System Security Criteria


            This section lists the Windows system security criteria:

1.      guest account disabled

2.      No unnecessary services running

3.      System patched with most recent applicable hot fixes

4.      Passwords not crackable by dictionary attack

 

I have also included a port/services scan using nessus and the SANS Top 20
list.

 

 

Thanks,

Robert Raver

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]