RE: question for security gurus
got try www.sans.org. They often list the most common security holes in
companies and weaknesses in desktops, poliocies, and a whole bunch of stuff.
I took a security class with company (online courses that is) and this is a
top notch site with excellent classes if you are serious. there prices are
not terribly bad. Lots of good articles on various types of weaknesses.
roger
-Original Message-
From: Douglas J Hunley [mailto:[EMAIL PROTECTED]]
Sent: Monday, January 07, 2002 5:51 PM
To: [EMAIL PROTECTED]
Subject: question for security gurus
If I was to start some side consulting as a Network Security Analyzer, what
tools/steps/methodologies would everyone recommend? Opensource would be
best,
but I'm open to anything. I've made some recommendations to my firm (who
wants to go down this path) but I thought I'd get some more info from those
"in the know".
Basically, they want to be able to approach company XYZ, and sell them a
"Security Assesment" service. What machines are exposed to Internet, what
holes they have, what services are available to whom on the Internet. Can we
DoS you, DNS poisoning, zone xfers, known holes, etc..
thanks in advance!
--
Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778
Admin: Linux StepByStep - http://linux.nf
printk("MASQUERADE: No route: Rusty's brain broke!\n");
2.4.3 linux/net/ipv4/netfilter/ipt_MASQUERADE.c
___
Linux-users mailing list
Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
___
Linux-users mailing list
Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: question for security gurus
Kurt Wall babbled on about:
> I would start with nmap, then proceed to more aggressive probes such
> as Saint or Satan. In the process, consider password guessing
> programs, packet sniffers, and some of the common root kits.
are Saint/Satan still worth it? Doesn't Nessus cover them?
--
Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778
Admin: Linux StepByStep - http://linux.nf
printk("What? oldfid != cii->c_fid. Call 911.\n");
2.4.3 linux/fs/coda/cnode.c
___
Linux-users mailing list
Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: question for security gurus
On January 07, Douglas J Hunley enlightened our ignorance thusly: > If I was to start some side consulting as a Network Security Analyzer, what > tools/steps/methodologies would everyone recommend? Opensource would be best, > but I'm open to anything. I've made some recommendations to my firm (who > wants to go down this path) but I thought I'd get some more info from those > "in the know". > > Basically, they want to be able to approach company XYZ, and sell them a > "Security Assesment" service. What machines are exposed to Internet, what > holes they have, what services are available to whom on the Internet. Can we > DoS you, DNS poisoning, zone xfers, known holes, etc.. I would start with nmap, then proceed to more aggressive probes such as Saint or Satan. In the process, consider password guessing programs, packet sniffers, and some of the common root kits. K -- You will receive a legacy which will place you above want. ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
