RE: question for security gurus
got try www.sans.org. They often list the most common security holes in companies and weaknesses in desktops, poliocies, and a whole bunch of stuff. I took a security class with company (online courses that is) and this is a top notch site with excellent classes if you are serious. there prices are not terribly bad. Lots of good articles on various types of weaknesses. roger -Original Message- From: Douglas J Hunley [mailto:[EMAIL PROTECTED]] Sent: Monday, January 07, 2002 5:51 PM To: [EMAIL PROTECTED] Subject: question for security gurus If I was to start some side consulting as a Network Security Analyzer, what tools/steps/methodologies would everyone recommend? Opensource would be best, but I'm open to anything. I've made some recommendations to my firm (who wants to go down this path) but I thought I'd get some more info from those in the know. Basically, they want to be able to approach company XYZ, and sell them a Security Assesment service. What machines are exposed to Internet, what holes they have, what services are available to whom on the Internet. Can we DoS you, DNS poisoning, zone xfers, known holes, etc.. thanks in advance! -- Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778 Admin: Linux StepByStep - http://linux.nf printk(MASQUERADE: No route: Rusty's brain broke!\n); 2.4.3 linux/net/ipv4/netfilter/ipt_MASQUERADE.c ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
question for security gurus
If I was to start some side consulting as a Network Security Analyzer, what tools/steps/methodologies would everyone recommend? Opensource would be best, but I'm open to anything. I've made some recommendations to my firm (who wants to go down this path) but I thought I'd get some more info from those in the know. Basically, they want to be able to approach company XYZ, and sell them a Security Assesment service. What machines are exposed to Internet, what holes they have, what services are available to whom on the Internet. Can we DoS you, DNS poisoning, zone xfers, known holes, etc.. thanks in advance! -- Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778 Admin: Linux StepByStep - http://linux.nf printk(MASQUERADE: No route: Rusty's brain broke!\n); 2.4.3 linux/net/ipv4/netfilter/ipt_MASQUERADE.c ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: question for security gurus
On January 07, Douglas J Hunley enlightened our ignorance thusly: If I was to start some side consulting as a Network Security Analyzer, what tools/steps/methodologies would everyone recommend? Opensource would be best, but I'm open to anything. I've made some recommendations to my firm (who wants to go down this path) but I thought I'd get some more info from those in the know. Basically, they want to be able to approach company XYZ, and sell them a Security Assesment service. What machines are exposed to Internet, what holes they have, what services are available to whom on the Internet. Can we DoS you, DNS poisoning, zone xfers, known holes, etc.. I would start with nmap, then proceed to more aggressive probes such as Saint or Satan. In the process, consider password guessing programs, packet sniffers, and some of the common root kits. K -- You will receive a legacy which will place you above want. ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
Re: question for security gurus
Kurt Wall babbled on about: I would start with nmap, then proceed to more aggressive probes such as Saint or Satan. In the process, consider password guessing programs, packet sniffers, and some of the common root kits. are Saint/Satan still worth it? Doesn't Nessus cover them? -- Douglas J Hunley (doug at hunley.homeip.net) - Linux User #174778 Admin: Linux StepByStep - http://linux.nf printk(What? oldfid != cii-c_fid. Call 911.\n); 2.4.3 linux/fs/coda/cnode.c ___ Linux-users mailing list Archives, Digests, etc at http://linux.nf/mailman/listinfo/linux-users
