RE: System Security Audits

From: J. Oquendo (
Date: 12/01/03

  • Next message: Alfred Huger: "New Articles @ SecurityFocus"
    Date: Mon, 1 Dec 2003 14:01:14 -0500 (EST)

    <two cents>
    Should you decide to go with something of a `portable' Antivirus tool
    check out NAI's 'Stinger' if you haven't already. It fits on a floppy and
    is constantly updated. As for `skid's' response, it would not be that
    complicated if CD-Rs were used, although it would be cumbersome to keep
    updating the recordable CD.

    As per Peteris' comment on permissions, if in an environment where you're
    doing a pen-test a machine allows you to boot from, say, a floppy or CD, I
    would say you would have more to worry about than a virus. I take this
    post as meaning you're doing a pen test to check "SECURITY" on a machine,
    and a machine that is supposed to be `secure' should not allow anyone to
    boot from `disposables' (if you will).

    </two cents>

    > Trojans/Viruses etc. are constantly changing things. Making a CD will
    > mean you'll have to make a new CD all the time to keep up-to-date with
    > the changes, sounds like one big mess to me.
    > -----Original Message-----
    > From: Peteris Krumins []
    > Sent: Saturday, November 29, 2003 12:01 AM
    > To:
    > Subject: System Security Audits
    > Hello,
    > I have a question about doing system (Windows) security
    > audits.
    > By system security audits I mean things like checking if the computer
    > is free of malware, trojans, viruses, if the user has appropriate
    > permissions (not too high, or to say if the user has restrictive
    > permissions) etc.
    > I have a couple of ideas which I could use, one is to create
    > a universal CD with all the stuff needed. Everything is on the
    > CD, nothing will be installed on the client's computer.
    > The Audit Team just puts the CD in, runs applications and that's it.
    > The other is to boot from a CD on the client's computer
    > which would bring us to some different environment (probably
    > linux). Once booted, mount the filesystems and do all the
    > audit stuff from such an environment.
    > Or, please, suggest any other methods that could be used.
    > P.Krumins

    J. Oquendo
    GPG Key ID 0x51F9D78D
    Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D

    sil @ politrix . org
    sil @ infiltrated . net

    "How do you know where I'm at when you haven't been where I've
    been, understand where I'm coming from" -- Cypress Hill
