Another tool that can be used for Pen Testing and which is in the same line
as Knoppix is F.I.R.E. (Forensic and Incident Response Environment -
http://fire.dmzs.com/). F.I.R.E. was showcased in a webcast in May 2003
hosted by SANS. F.I.R.E. is a Linux Bootable CD Image which has several
well-kno
Hi to all list members!
I am interested in finding web sites that contain best practice guidelines
in the implementation of Public Key Infrastructures (PKI) and Digital
Certificates for Securing Email (internally and externally using 3rd Party
Certification Services).
I am aware of various books t
There is also Symantec's Enterprise Security Manager (ESM) for Oracle and
Pentasafe's Vigilent amongst others. Here is a link to Talisker's web site
that has a list of vulnerability scanners for Databases.
Good Luck!
Rafael Rosado, CISSP, CISA
IT Security Manager
Caribbean and Latin America Regio
Paul,
There is a good book on how to set up Windows NT/2000 Servers for the
Internet called: "Securing Windows NT/2000 Servers for the Internet -
Security Checklists for System Administrators" by Stefan Norberg (O'Reilly
Publishers ISBN 1-56592-768-0) which you can order from Amazon
(http://www.ama
Simon,
You might also want to consider downloading and running the "freebie" tools
from the Center for Internet Security (CIS) against the NT/2000 Servers to
ensure these are hardened (http://www.cisecurity.org). Other "freebie"
tools to consider are the Microsoft Baseline Security Analyzer (MSB
Go to Foundstone's page and Download Vision (can only run locally on the
machine being evaluated) --
http://www.foundstone.com/knowledge/infoterms.html?filename=visionsetup.exe
For information on the product, go to
http://www.foundstone.com/knowledge/proddesc/vision.html
Enjoy!
Rafael Rosado
IT S
Vision is another product that will allow you to map open ports to programs
that are running/listening on these. You can download it from Foundstone's
web site (http://www.foundstone.com/).
Rafael Rosado
IT Security Manager
Caribbean and Latin America Region (CALA)
Lucent Technologies O
Corpora
You might want to consider running Microsoft's Baseline Security Analyzer
(MSBA) -
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/tools/Tools/MBSAhome.asp
or GFI's Languard Network Scanner (http://www.gfi.com/lannetscan/index.htm).
Both are open source/freeware and
Check the document created by CIO Magazine, FBI and Secret Service Agency
(CIO CYBERTHREAT RESPONSE & REPORTING GUIDELINES -->
http://www.cio.com/research/security/incident_response.pdf). Although it is
not very specific to internal incident response guidelines, it sheds some
light over the proces
Harish,
Another scanner out there is N-Stealth Security Scanner from NStalker
(Felipe Moniz). Visit their web site --> http://www.nstalker.com
One caveat (as well as with any scanner): many false positives and
negatives...you need to evaluate and corroborate the results of the scanner.
No silver
10 matches