NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FOCUS-MS> 2000-q3

Subject: Re: NT Audit
From: Erik Burris (erikbMAIL.UTEXAS.EDU)
Date: Mon Aug 14 2000 - 13:14:19 CDT

Next message: Bilder, Jeffry: "Re: Netmeeting as a remote control tool"
Previous message: JD Conley: "Re: Port being listen to"
Maybe in reply to: Conall OBrien: "NT Audit"
Next in thread: Shane Garoutte: "Re: NT Audit"
Maybe reply: Erik Burris: "Re: NT Audit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I'm interested in that tool. How can I get it?

Erik Burris

--- Original Message ---
H Carvey <keydet89YAHOO.COM> Wrote on
Sat, 12 Aug 2000 03:49:31 -0700
------------------
> Depending on whether you want a commercial software
> solution or a
> freeware/GPL solution.

I've posted this before and received no response...I
guess no one thought I was serious...

I presented a paper at the recent Usenix LISA-NT
regarding just this topic...how to create a security
architecture for NT. My solution is to use Perl...
making the solution entirely free. In fact, the only
real drawback that I've been able to find so far is
that you actually have to learn something new... ;-0

The paper is here:
http://patriot.net/~carvdawg/publications.html

If you go here:
http://patriot.net/~carvdawg/projects.html

....I'm working on a vulnerability scanner for NT/2K.
When I say "working", I mean to say that the code is
about 90% there...it's the documentation and finding
sources at Microsoft to describe Registry keys (for
example) that's slowing me down a bit. The internal
vuln. scanning tool is meant to be used by NT admins
on their domain, to ensure that NT systems are in
compliance with established security policies and NT
config standards. It does so by checking:

- Registry keys (individual and "trojan" keys)
- Services
- Running processes (yes, even on remote systems)
- user privileges and account info
- Audit policies (and EventLog data...even EventLog
entries)
- ACLs (files, directories, Registry keys, shares)
- Domain trusts
- etc

If someone is interested in such a tool, feel free to
contact me.

Carv

__________________________________________________
Do You Yahoo!?
Yahoo! Mail – Free email you can access from anywhere!
http://mail.yahoo.com/

-----
Sent using MailStart.com ( http://MailStart.Com/welcome.html )
The FREE way to access your mailbox via any web browser, anywhere!

Next message: Bilder, Jeffry: "Re: Netmeeting as a remote control tool"
Previous message: JD Conley: "Re: Port being listen to"
Maybe in reply to: Conall OBrien: "NT Audit"
Next in thread: Shane Garoutte: "Re: NT Audit"
Maybe reply: Erik Burris: "Re: NT Audit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]