Re: Security Baseline Tools

From: Chris Davis (cdlists@gmail.com)
Date: Mon Aug 22 2005 - 14:22:29 EDT


David,

If you're fortunate to have money to spend, there's a forensic tool
from Guidance Software called EnCase Enterprise that can do this -
very quickly - and quite accurately. If there's someone on the list
from Guidance, maybe they could respond to you offline.

There are others that are developing similar capabilities, where an
agent sits on several clients and phones home to a centralized server.
It's quite powerful, and can audit automatically several hundred or
several thousand machines, depending on your needs, in less than a
day.

Chris

On 8/22/05, Stephen J. Smoogen <smooge@gmail.com> wrote:
> On 8/20/05, David Boynton <david.boynton2@cox.net> wrote:
> > Hello everyone,
> >
> > Is anyone aware of any security baseline assessment tools like the ones
> > provided by the Center for Internet Security? We are researching the
> > possibility of using a "Baseline Compliance" metric, so the tools will need
> > to be mostly automated (no manual checklists - we have enough of those!)
> >
> > Thanks for any and all help!
> >
> > Moderator: I know this barely qualifies as penetration testing, but the mod for Security Management kicked it back because it will start a discussion of technical tools. Please help me out! :)
> >
>
>
> At the moment, we are writing our own. I have found that the CIS tools
> linked to from the NIST.gov worked well for a first best guess, but in
> order to see if 4000 desktops matched those and could report
> centrally.. plus deal with specialized network areas.. they needed a
> lot of work.
>
> To keep this with a penetration point of view, most of the baseline
> tools are sort of a reverse penetration test. Penetrators usually go
> for flag A, B, C... make sure they are turned off. It also seems to be
> a lot harder to write versus some scripts to exploit :).
>
>
> --
> Stephen J Smoogen.
> CSIRT/Linux System Administrator
>


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:46 EDT