[unisog] Automated vulnerability tests upon host to network attachment

Gary Flynn flynngn at jmu.edu
Fri May 16 03:14:12 GMT 2003


marchany at vt.edu wrote:

>So, in keeping with the "never present a problem w/o providing a solution" 
>strategy, the hard part of this project isn't the scanning pieces. It's 
>showing the user HOW to make the necessary changes. I don't see the benefit of 
>this service to a dept that has a reasonably skilled sysadmin. They already 
>know how to run a scanner and fix the problem. For those sysadmins who aren't 
>motivated to implement the changes, the scanner service doesn't buy anything.

We most definitely are in agreement on most of your points. However, a
great deal of good could be accomplished by a few simple checks for the
most common problems. For example,

1) Does the NT/2k/xp Administrator account have a strong password.
2) Is port 80 open and is it susceptible to unicode traversal.
3) Is port 21 open and is it susceptible to wu-ftpd overflow.

In all three cases, the solutions are simple and/or can be packaged for 
any end user.

If the scanner service prevents an unsafe system from becoming open to
attack, being compromised, and threatening the rest of the infrastructure,
then it has bought quite a bit.
