I just finished a nessus scan (http://www.nessus.org) of a test E-Smith
4.1.1 box. I enabled all of the nessus "plugins", including those listed as
dangerous. I also enabled nmap in scan options. Since I have yet to read
all
the directions for nessus, I very well could have something miss
configured.
In any event the results of my scan are at
http://users.owt.com/msensney/esmith1.html.
The E-Smith external interface for this run was 192.168.1.2.
I am concerned about the imap service. Is this a security issue?
Nessus reports it as such.
E-Smith 4.1.1 settings of interest:
Remote Access Settings
ssh access: PUBLIC
admin c/l access: YES
ssh standard passwords: YES
PPTP access: 0
FTP access: PUBLIC
FTP access limits: NORMAL USAGE
telnet access: NO ACCESS
Other Email Settings
pop/imap server access: PUBLIC
webmail access: ENABLED HTTP/HTTPS
At 08:35 AM 02/26/2001 -0800, Chapman, Justin T wrote:
>Here's the original post:
>
>
> > -----Original Message-----
> > From: Chapman, Justin T [mailto:[EMAIL PROTECTED]]
> > Sent: Monday, February 12, 2001 2:08 PM
> > To: [EMAIL PROTECTED]
> > Subject: Security links
> >
> >
> > OK, let's try this again....
> >
> > A comparison of security scanners, both commercial and OSS:
> > http://www.nwc.com/1201/1201f1b1.html
> >
> > Common port number assignments:
> > http://www.isi.edu/in-notes/iana/assignments/port-numbers
> >
> > Security Focus (The mother of all security sites)
> > http://www.securityfocus.com
> > This site also hosts the Bugtraq mailing list. It's *the*
> > list to be on if
> > you are involved with/interested in security...
> >
> > Excellent witepapers on security related issues (hardening
> > your OS (Linux,
> > Solaris and NT), firewalls, etc)
> > http://www.enteract.com/~lspitz/papers.html
> >
> > Common Vulnerabilities and Exposures. An online database of
> > vulnerabilities
> > - numbered and indexed!
> > http://www.cve.mitre.org/
> >
> > Nmap homepage:
> > http://www.insecure.org/nmap/
> >
> > Hope these help!
> > --Justin
> >
> > Pinky, are you pondering what I'm pondering?
> > Uh, I think so, Brain, but we'll never get a monkey to use
> > dental floss.
> >
>
> > -----Original Message-----
> > From: Doug Nordwall [mailto:[EMAIL PROTECTED]]
> > Sent: Saturday, February 24, 2001 7:24 PM
> > To: [EMAIL PROTECTED]
> > Subject: scanner review...
> >
> >
> > someone after my talk two weeks ago said they had a url for
> > security scanner reviews...mind posting that?
> >
> > ---
> > Doug Nordwall http://gibson.nmhu.edu/~musashi
> > System Administrator [EMAIL PROTECTED]
> >
>
>
>
>---
>Incoming mail is certified Virus Free.
>Checked by AVG anti-virus system (http://www.grisoft.com).
>Version: 6.0.231 / Virus Database: 112 - Release Date: 02/12/2001
