OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Eric (ewstellurian.net)
Date: Mon May 13 2002 - 14:22:34 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    I wrote a script that does most of this - it's very easy to customize to
    add additional checks:

    (it doesn't check specifically for AV - but you could add a module on this,
    or review the running processes or services on the system, which is
    included in the output.)

    http://online.securityfocus.com/data/tools/nt_audit_script12.zip

    (thanks to Patrick Heim who wrote portions of this script)

    At 11:03 PM 5/9/2002 +0000, Jason wrote:

    >I will be performing a workstation audit on 300 W2k
    >workstations across the network.
    >
    >I need to scan to see:
    >1. If there are any trojans running on these hosts.
    >2. Whether shares are activated on these hosts.
    >3. Whether anti-virus is installed.
    >
    >I will have domain administrator rights and all
    >workstations are in the windows NT 4.0 domain.
    >
    >What tools do people recommend for performing each of these
    >steps? I will be scanning for workstations within a
    >specific IP range.
    >
    >For Trojan Scanning I have seen tools like TFAK. But I am
    >not sure how good it is and I know it can't be run on a
    >block of IP's.
    >
    >For determining whether shares are activated maybe I could
    >use something like Legion ?
    >
    >For determining whether anti-virus is installed I need a
    >tool that can dump a list of services running on a remote
    >host for a block of IP addresses.
    >
    >Any help appreciated.
    >
    >
    >----------------------------------------------------------------------------
    >This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    >Service. For more information on SecurityFocus' SIA service which
    >automatically alerts you to the latest security vulnerabilities please see:
    >https://alerts.securityfocus.com/

    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/