Re: Software to test my mail/webserver for flaws?

From: Karl Levinson [x y] mvp (levinson_k@excite.com)
Date: 12/12/02

Next message: George Hester: "Is it really true that NTFS is secure?"
Previous message: Jerry Bryant [MSFT]: "Microsoft Security Bulletin MS02-071"
In reply to: Richard Mahoney: "Re: Software to test my mail/webserver for flaws?"
Next in thread: Bill Sanderson: "Re: Software to test my mail/webserver for flaws?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Karl Levinson [x y] mvp" <levinson_k@excite.com>
Date: Thu, 12 Dec 2002 10:48:53 -0500

http://securityadmin.info/faq.htm#portscan [despite the name of the URL, it
does list a variety of free vulnerability assessment scanners]
http://securityadmin.info/resource.asp?category=Vulnerability%20Assessment
http://securityadmin.info/resource.asp?category=IIS

MBSA from Microsoft is a good start, though you probably want separate tools
that scan for Windows vulnerabilities, IIS vulnerabilities, and possibly
also web application / code vulnerabilities.

Other information:
http://securityadmin.info/faq.htm#harden

"Richard Mahoney" <rm.mymail@NOSPAMntlworld.com> wrote in message
news:Eu1K9.3917$_p5.56964@newsfep1-gui.server.ntli.net...
>
> "Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
> news:ufWOCQeoCHA.2220@TK2MSFTNGP09...
> > I would run MBSA 1.1, and look closely at the recommendations it makes.
> > Your wording makes me wonder whether you are running MS products for
these
> > functions, however--so this may not get into the depth you need.
> >
> >
>
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/
> tools/Tools/mbsahome.asp
>
> Thanks,
> I'm not running a Microsoft server product but am on the Windows platform.
> RM.
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.427 / Virus Database: 240 - Release Date: 06/12/2002
>
>

Next message: George Hester: "Is it really true that NTFS is secure?"
Previous message: Jerry Bryant [MSFT]: "Microsoft Security Bulletin MS02-071"
In reply to: Richard Mahoney: "Re: Software to test my mail/webserver for flaws?"
Next in thread: Bill Sanderson: "Re: Software to test my mail/webserver for flaws?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

SecurityFocus Microsoft Newsletter #305
... Microsoft Office security, part one ... Microsoft Internet Explorer Multiple COM Object Color Property Denial of Service Vulnerabilities ... An attacker may leverage these issues to execute arbitrary server-side script code on an affected computer with the privileges of the webserver process. ...
(Focus-Microsoft)
SecurityFocus Microsoft Newsletter #306
... Microsoft Office security, part two ... Microsoft Internet Explorer COM Object Instantiation Daxctle.OCX Heap Buffer Overflow vulnerability. ... Cybozu Garoon Multiple SQL Injection Vulnerabilities ...
(Focus-Microsoft)
Re: [Full-disclosure] Microsofts Real Test with Vista is Vulnerabilities
... So if they can earn more from the subscription based security solution where is the incentive to make the OS more secure? ... I am far from a Microsoft marketing expert... ... Microsoft's Real Test with Vista is Vulnerabilities ...
(Full-Disclosure)
SecurityFocus Microsoft Newsletter #360
... A Method of Testing VoIP security or Voice VLANs ... MICROSOFT VULNERABILITY SUMMARY ... Online Armor Personal Firewall SSDT Hooks Multiple Local Vulnerabilities ...
(Focus-Microsoft)
Microsofts Real Test with Vista is Vulnerabilities
... Vista, the solution to all our problems: Microsoft portrays Vista as ... anything from the end of software vulnerabilities to the end of spyware. ... Last December Noam wrote of eBay bids on an Excel 0day vulnerability, ...
(Bugtraq)