Home page logo

pen-test logo Penetration Testing mailing list archives

RE: System Security Audits
From: "J. Oquendo" <sil () politrix org>
Date: Mon, 1 Dec 2003 14:01:14 -0500 (EST)

<two cents>
Should you decide to go with something of a `portable` Antivirus tool
check out NAI's 'Stinger' if you haven;t already. It fits on a floppy and
is constantly updated. As for `skid's' response, it would not be that
complicated if CDR's were used although it would be cumbersome to keep
updating the recordable CD.

As per Peteris' comment on permissions, if in an environment where you're
doing a pen-test, a machine allows you to boot from say a floppy, or cd, I
would say you would have more to worry about than a virus. I take this
post as meaning you're doing a pen test to check "SECURITY" on a machine,
and a machine that is supposed to be `secure' should not allow anyone to
boot from `disposables' (if you will)

</two cents>

Trojans/Viruses etc. are constantly changing things. Making a CD will
mean you'll have to make a new CD all the time to keep up-to-date with
the changes, sounds like one big mess to me.

-----Original Message-----
From: Peteris Krumins [mailto:newsgroups () lf lv]
Sent: Saturday, November 29, 2003 12:01 AM
To: pen-test () securityfocus com
Subject: System Security Audits


  I have a question about doing system (Windows) security
  By system security audits I mean things like checking if computer
  is free of malware, trojans, viruses, if user has appropriate
  permissions (not too high or to say if user has restrictive
  permissions) etc.

  I have a couple of ideas which i could use, one is to create
  an universal CD with all the stuff needed. Everything is on the
  CD, nothing will be installed on the client's computer.
  The Audit Team just puts CD in, runs applications and that's it.

  The other is to bool from a CD on the client's computer
  which would bring us to some different environment (probably
  linux). As booted mount the filesystems and do all the
  audit stuff from such environment.

  Or, please, suggest any other methods that could be used.


J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D


sil @ politrix . org    http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How do you know where I'm at when you haven't been where I've
been understand where I'm coming from" -- Cypress Hills


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]