IPSO/Secure Platform audit

From: Dan Rogers (pentestguy_at_gmail.com)
Date: 08/18/05

    Date: Thu, 18 Aug 2005 13:00:50 +0100
    To: pen-test@securityfocus.com
    
    

    Hi list,

    I'm currently reviewing a Check Point/Nokia box and a Secure Platform
    manager. The settings in Voyager are all good, and likewise the Web
    GUI of the SPLAT manager is fine, they're both patched and the policy
    is also clean - but I want to ensure the o/s themselves are ok. I've
    checked that there aren't any users there shouldn't be in /etc/passwd,
    checked there aren't any unknown processes (at least any visible
    ones), any unusual open ports or any strange scripts scheduled to run
    in crontab. The firewall logs themselves aren't showing anything
    unusual.

    I am concerned that a previous administrator may have left himself
    access by the back-door somehow - but am not in a position to rebuild
    them to be sure. What else would you lot check for?

    Ta

    Dan
