RE: Pen Test of a ESX Server

From: jfvanmeter@comcast.net
Date: Thu Aug 16 2007 - 12:45:38 EDT


I wanted to thank everyone for there thoughts and links.

Take Care and Have Fun --John

 -------------- Original message ----------------------
From: "Mohr, James" <James.Mohr@ParkNicollet.com>
> You could begin with the review procedures in the corresponding
> checklist, (though you may have already thought of that since you are
> testing against the STIG).
>
> http://iase.disa.mil/stigs/checklist/vmchklst-v2r12-APR06.doc
>
> Good luck,
> Jim
>
> -----Original Message-----
> From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
> On Behalf Of jfvanmeter@comcast.net
> Sent: Wednesday, August 15, 2007 10:01 AM
> To: pen-test@securityfocus.com
> Subject: Pen Test of a ESX Server
>
>
> I have a assignment to complete a pen test of a ESX server and was
> hoping to get some thoughts from everyone on how and what to test. I
> need to check to see if the server is configured in accordance with the
> "Virtual Computing Security Technical Implementation Guide" Version 1,
> release0.1
>
> Thank You in advance
>
> Take Care and Have Fun --John
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:02 EDT