Security Basics mailing list archives

Re: Auditing a Win2K box


From: H Carvey <keydet89 () yahoo com>
Date: 7 Oct 2004 17:33:16 -0000

In-Reply-To: <41638.81.144.180.200.1096993085.squirrel@81.144.180.200>

> I've been asked to audit a Win2k server, and being used to *nix boxes, I
> could really do with some pointers here. Aside from Nessus, nmap and the
> likes thereof, can anyone please point me to some decent
> software (preferably free), and/or docs/sites to do a security audit of a
> Win2k Server, and the various things to look out for?

Well, I guess it all depends upon the visibility you have into the system.  If all you have is network access, running 
nmap and Nessus are a great start, adding on things like Nikto, rpcdump, etc., depending upon the ports you find open, 
of course.

However, if you have (or can get) admin-level access to the box, then you can provide a much greater service to your 
client.  Using Perl or VBScript, you can implement WMI to retrieve processes, service info, a list of installed patches 
and applications, etc.  Yes, you can also use a variety of freeware tools, as well, but sometimes it's quicker to write 
your own than it is to search the Net looking for the right tool.

Things to consider/look for - depending upon the purpose of the system, how is it configured?  What apps/services are 
running?  Is IIS installed?  If so, are unnecessary script mappings disabled?  Is the system configured from a Least 
Privilege point of view?  How about file system and Registry ACLs?  How is auditing/logging configured?  Who has what 
type of access to the machine?

Another thing to consider is this...if you're doing an audit, to what standard is the system being audited?  Does the 
customer have a standard?  If so, you're golden.  If not, are you going to use "best business practices", and if so, 
what is your customer's business?  How does this system fit into the rest of the infrastructure?  These are all things 
that need to be considered...

If you have specific requirements or questions, feel free to contact me directly.

------------------------------------------
Harlan Carvey, CISSP
"Windows Forensics and Incident Recovery"
http://www.windows-ir.com
http://groups.yahoo.com/group/windowsir/

"Meddle not in the affairs of dragons, for
you are crunchy, and good with ketchup."

"The simplicity of this game amuses me. 
Bring me your finest meats and cheeses."
------------------------------------------
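The reply above suggests scripting WMI from Perl to pull processes, services and installed patches rather than hunting for a tool. The script below is an added example of that approach written for this archive page; it is not Harlan Carvey's code and was not part of the thread. It assumes ActivePerl with the Win32::OLE module on the auditor's workstation, admin rights on the target (pass a hostname as the first argument, or run it locally against "."), and that the Windows Installer WMI provider for Win32_Product is present, which on Win2k is an optional component, so that query is allowed to fail gracefully. The unquoted-service-path check is one of the "Least Privilege / how is it configured" items the reply lists, reduced to a simple heuristic.

```perl
#!perl
# win2k_audit.pl  -  collect processes, services, hotfixes and applications via WMI.
# Added example for the Security Basics thread; assumes Win32::OLE (ActivePerl)
# and admin-level access to the target host.
use strict;
use warnings;
use Win32::OLE qw(in);

my $host = shift @ARGV || '.';      # '.' = local system; a hostname audits a remote box

# Connect to the CIMv2 namespace; impersonate so the query runs with our credentials.
my $wmi = Win32::OLE->GetObject(
    "winmgmts:{impersonationLevel=impersonate}!\\\\$host\\root\\cimv2")
    or die "Cannot connect to WMI on $host: " . Win32::OLE->LastError() . "\n";

# Run a WQL query and return the resulting objects as a list (empty list on failure).
sub wql {
    my ($query) = @_;
    my $set = $wmi->ExecQuery($query);
    return () unless defined $set;
    return in $set;
}

# --- Running processes -------------------------------------------------------
# ExecutablePath (not CommandLine) is used because CommandLine is absent on Win2k.
print "== Processes ==\n";
for my $p (wql('SELECT ProcessId, Name, ExecutablePath FROM Win32_Process')) {
    printf "%6d  %-24s %s\n", $p->{ProcessId}, $p->{Name}, $p->{ExecutablePath} || '';
}

# --- Services ----------------------------------------------------------------
# Shows state, start mode, the account each service runs as, and its binary path.
print "\n== Services ==\n";
my @findings;
for my $s (wql('SELECT Name, State, StartMode, StartName, PathName FROM Win32_Service')) {
    my $path = $s->{PathName} || '';
    printf "%-24s %-8s %-9s %-22s %s\n",
        $s->{Name}, $s->{State}, $s->{StartMode}, $s->{StartName} || '', $path;

    # Audit heuristic: a service binary path containing spaces but no quotes is a
    # classic misconfiguration worth reporting, especially when the service runs
    # as LocalSystem.  (Heuristic only; review each hit by hand.)
    if ($path =~ /\s/ && $path !~ /^"/) {
        push @findings, sprintf("unquoted service path: %s (%s) -> %s",
            $s->{Name}, $s->{StartName} || 'unknown account', $path);
    }
}

# --- Installed hotfixes ------------------------------------------------------
print "\n== Hotfixes ==\n";
for my $h (wql('SELECT HotFixID, Description, InstalledOn FROM Win32_QuickFixEngineering')) {
    printf "%-12s %-40s %s\n", $h->{HotFixID}, $h->{Description} || '', $h->{InstalledOn} || '';
}

# --- Installed applications (MSI-based only) ---------------------------------
# Win32_Product depends on the Windows Installer provider; if it is not installed
# on the target the query returns nothing and we say so instead of dying.
print "\n== Installed applications (Win32_Product) ==\n";
my @apps = wql('SELECT Name, Version, Vendor FROM Win32_Product');
if (@apps) {
    printf "%-40s %-15s %s\n", $_->{Name}, $_->{Version} || '', $_->{Vendor} || '' for @apps;
} else {
    print "(no results - Win32_Product provider may not be installed on $host: ",
          Win32::OLE->LastError() || 'no error reported', ")\n";
}

# --- Summary of audit findings -----------------------------------------------
print "\n== Findings ==\n";
print @findings ? join("\n", @findings) . "\n" : "none from the automated checks\n";
```

Run it as `perl win2k_audit.pl SERVERNAME > servername-audit.txt` and keep the output with the rest of the audit evidence; comparing the hotfix list against the vendor's current bulletin list, and the service account column against the customer's least-privilege standard, is the manual step the reply is pointing at.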

