Subject: Re: NT Audit
From: H Carvey (keydet89YAHOO.COM)
Date: Sat Aug 12 2000 - 05:49:31 CDT


> Depending on whether you want a commercial software
> solution or a
> freeware/GPL solution.

I've posted this before and received no response...I
guess no one thought I was serious...

I presented a paper at the recent Usenix LISA-NT
regarding just this topic...how to create a security
architecture for NT. My solution is to use Perl...
making the solution entirely free. In fact, the only
real drawback that I've been able to find so far is
that you actually have to learn something new... ;-0

The paper is here:
http://patriot.net/~carvdawg/publications.html

If you go here:
http://patriot.net/~carvdawg/projects.html

...I'm working on a vulnerability scanner for NT/2K.
When I say "working", I mean to say that the code is
about 90% there...it's the documentation and finding
sources at Microsoft to describe Registry keys (for
example) that's slowing me down a bit. The internal
vuln. scanning tool is meant to be used by NT admins
on their domain, to ensure that NT systems are in
compliance with established security policies and NT
config standards. It does so by checking:

- Registry keys (individual and "trojan" keys)
- Services
- Running processes (yes, even on remote systems)
- User privileges and account info
- Audit policies (and EventLog data...even EventLog
  entries)
- ACLs (files, directories, Registry keys, shares)
- Domain trusts
- etc

If someone is interested in such a tool, feel free to
contact me.

Carv
