From: Mohr, James (James.Mohr@ParkNicollet.com)
Date: Thu Aug 16 2007 - 09:55:28 EDT
You could begin with the review procedures in the corresponding
checklist, (though you may have already thought of that since you are
testing against the STIG).
http://iase.disa.mil/stigs/checklist/vmchklst-v2r12-APR06.doc
Good luck,
Jim
-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of jfvanmeter@comcast.net
Sent: Wednesday, August 15, 2007 10:01 AM
To: pen-test@securityfocus.com
Subject: Pen Test of a ESX Server
I have a assignment to complete a pen test of a ESX server and was
hoping to get some thoughts from everyone on how and what to test. I
need to check to see if the server is configured in accordance with the
"Virtual Computing Security Technical Implementation Guide" Version 1,
release0.1
Thank You in advance
Take Care and Have Fun --John
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:02 EDT