RE: General Security audit question

From: Clement Dupuis (cdupuis@cccure.org)
Date: 01/09/03

  • Next message: James-lists: "Re: Making a W2K with Internet Connection Sharing secure" 
    From: "Clement Dupuis" <cdupuis@cccure.org>
To: "'Rapaille Max'" <Max.Rapaille@nbb.be>, "'Dallas Hindle'" <dallash@optushome.com.au>, <security-basics@securityfocus.com>, <focus-ids@securityfocus.com>
Date: Thu, 9 Jan 2003 16:06:54 -0600

    Lately the OSSTMM methodology has been converted into a very good course
    called OPST (OSSTMM Professionnal Security Tester). The course is
    delivered in the states by www.intenseschool.com and other providers
    worldwide.

    Enjoy

    Clement

    > -----Original Message-----
    > From: Rapaille Max [mailto:Max.Rapaille@nbb.be]
    > Sent: Wednesday, January 08, 2003 1:06 AM
    > To: Dallas Hindle; security-basics@securityfocus.com;
    > focus-ids@securityfocus.com
    > Subject: RE: General Security audit question
    >
    >
    > HI.
    >
    > You could have a look at the osstmm : Open Source Security
    > Testing Methodology Manual. A very good doc for Sec audit.
    > Available for free at www.osstmm.org, or perhaps
    www.ideahamster.org... I think they changed the name not so long ago,
    but you should be able to find the link easely to the new address.

    A very nice and recommended reading. They give a good description and
    follow some international standards.. Should you not find it, send me a
    mail off-list, I will send you a copy.

    Regards,

    MAx

    -----Original Message-----
    From: Dallas Hindle [mailto:dallash@optushome.com.au]
    Sent: 07 January 2003 06:11
    To: security-basics@securityfocus.com; focus-ids@securityfocus.com
    Subject: General Security audit question

    Hi
     
    I've been asked to perform a security audit on a site (Stock Broker) and
    to report on all Site, network, server and software issues that I
    encounter
     
    I have a pretty decent idea of what I'm looking for, but if anyone has
    any links to, or templates of what you would find in a security audit
    could you please let me know or send me a copy?
     
     
     
    Thanks
     
    Dallas

    Relevant Pages

    • [Full-disclosure] SSANZ - Server Systems Administration NZ.
      ... Security Hardening & Security Installs/tweaks. ... What is involved in a Full Security Audit? ... csf -a 125.238.144.110 ...
      (Full-Disclosure)
    • RE: Repost: Security Question
      ... 538 in security audit log. ... is the computer name, In SBS 2003, the full security audit is enabled by ... 540 indicates a successful logon; event 538 indicates a successful logoff ... Online Partner Support ...
      (microsoft.public.windows.server.sbs)
    • RE: Security audit & Domain Controller security
      ... the full security audit is enabled by default so that you are ... Event 540 indicates a successful ... Right-click Small Business Server Auditing Policy and click Edit. ...
      (microsoft.public.windows.server.sbs)
    • RE: Penetration test of 1 IP address
      ... I have been asked to perform a security audit of 1 IP address ... You could grab the banner of the HTTP server or run p0f (if you are using ... Another test would be trying to login as ie admin with the company's name ... Audit your website security with Acunetix Web Vulnerability Scanner: ...
      (Pen-Test)
    • Re: Linux Vulneralbility X Windows
      ... An open-source security audit program funded by the ... U.S. Department of Homeland Security has flagged a critical ... "biggest security vulnerability" found in the X Window System ...
      (alt.2600)