RE: System Security Audits

From: Keenen Milner (kmilner_at_ghcllc.com)
Date: 12/01/03

  • Next message: Anders Thulin: "Re: Reporting aspect of pen-testing"
    Date: Mon, 1 Dec 2003 07:39:37 -0800
    To: "Peteris Krumins" <newsgroups@lf.lv>, <pen-test@securityfocus.com>
    
    

    You should take a look at www.knoppix-std.org ... it is a bootable CD that contains lots of tools and you can customize it with more if you are willing to remaster the CD yourself. It does a lot of what you are looking for in a 'universal CD'.
     
    Keenen Milner
    GHC Information Systems, LLC
    (818) 325-8400

            -----Original Message-----
            From: Peteris Krumins [mailto:newsgroups@lf.lv]
            Sent: Fri 11/28/2003 2:00 PM
            To: pen-test@securityfocus.com
            Cc:
            Subject: System Security Audits
            
            


             Hello,
            
              I have a question about doing system (Windows) security
              audits.
              By system security audits I mean things like checking if computer
              is free of malware, trojans, viruses, if user has appropriate
              permissions (not too high or to say if user has restrictive
              permissions) etc.
             
              I have a couple of ideas which i could use, one is to create
              an universal CD with all the stuff needed. Everything is on the
              CD, nothing will be installed on the client's computer.
              The Audit Team just puts CD in, runs applications and that's it.
            
              The other is to bool from a CD on the client's computer
              which would bring us to some different environment (probably
              linux). As booted mount the filesystems and do all the
              audit stuff from such environment.
            
              Or, please, suggest any other methods that could be used.
            
            
            P.Krumins
            
            
            ---------------------------------------------------------------------------
            ----------------------------------------------------------------------------
            
            


  • Next message: Anders Thulin: "Re: Reporting aspect of pen-testing"