RE: free hIDS, or system assessment tools

From: Malik Khan (akhan_at_manpowernc.com)
Date: 09/27/04

    Date: Mon, 27 Sep 2004 07:33:46 -0400
    To: <keydet89@yahoo.com>, <security-basics@securityfocus.com>
    
    
    

    Try Microsoft Baseline Security Analyzer V1.2.1
    http://www.microsoft.com/technet/security/tools/mbsahome.mspx

    -----Original Message-----
    From: H Carvey [mailto:keydet89@yahoo.com]
    Sent: Wednesday, September 22, 2004 1:46 PM
    To: security-basics@securityfocus.com
    Subject: Re: free hIDS, or system assessment tools

    In-Reply-To: <65C9FE56B1EB304EA8BC65A50F218C272D53CF@HOMAIL01.alrajhi.bank>

    >Are there any free System Assessment tools for Windows and *nix? Is there
    >any free System or host IDS for Windows and *nix?

    There are a couple of (free) ways to go about this, particularly on Windows
    systems...

    For system assessment, I'd recommend:
    nmap - http://www.insecure.org
    ATK - http://www.computec.ch/projekte/atk/

    If you know what you're assessing against, Perl can be used to implement WMI
    as well as make other calls to the system in order to obtain the necessary
    information for your assessment...and even update the system to bring it
    into compliance.

    Perl can also be used to implement free monitoring/hIDS. For example, if
    you set your audit policy appropriately, use something like wmievt.pl
    (http://patriot.net/~carvdawg/perl.html) to send Event Log entries off of
    the system as they are generated. From the same site, you can use FSW.pl to
    watch for file system changes.

    HTH,

    H. Carvey
    http://www.windows-ir.com
    http://groups.yahoo.com/group/windowsir/
