[Dshield] Audit device

Valdis.Kletnieks at vt.edu
Wed Jan 24 14:16:07 GMT 2007


On Tue, 23 Jan 2007 21:15:30 EST, Paul Marsh said:
> 	Unfortunately I'm in the market for a device that can scan a
> laptop for patches and AV signatures checking to make sure everything is
> up to date.  I had a very trusted third party's laptop connect to my
> network, VPN to their network, connect to their smtp and then launch the
> Storm Worm.

At best, from a remote device you can tell what ports are open, and maybe
what operating system is running.  To determine things like patches and AV
signatures will require having a local agent package running on the laptop -
and that can get sticky if the person who owns the laptop objects to installing
your software package. (Think - how big a security hole would remote enumeration
of software and patch levels by an untrusted 3rd party be?)

Quick question: what is the "proper" AV signature for the laptop I'm writing
this on? Two hints:

% cat /etc/redhat-release 
Fedora Core release 6 (Rawhide)
% uname -a
Linux turing-police.cc.vt.edu 2.6.20-rc4-mm1 #5 SMP PREEMPT Thu Jan 18 08:38:51 EST 2007 x86_64 x86_64 x86_64 GNU/Linux

(Just as a "thing you need to consider"....)
