RE: AS400 Net Recon

From: John Bussert (JBussert@swiftorder.com)
Date: Tue Feb 19 2008 - 10:24:11 EST

• Next message: whitehat: "Malicious file upload in .JPG or GIF format"
• Previous message: VoIP Hacker Clown: "VoIP Hopper 0.9.9 Released"
• In reply to: xelerated: "Re: AS400 Net Recon"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Jon,

Another option is to take a look at the IBM Redbooks - lots of good
information and you can download them for free.

http://www.redbooks.ibm.com/abstracts/sg246668.html?Open

http://www.redbooks.ibm.com/cgi-bin/searchsite.cgi?query=as400+AND+secur
ity

Keep in mind that the release of the OS does have an impact on its
capabilities and if they have implemented PASE or Linux environments.

Good luck...

jb

John Bussert, CISSP, MCP
Swift Technologies, Inc.

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of xelerated
Sent: Friday, February 15, 2008 6:44 AM
To: Jon Kibler
Cc: pen-test@securityfocus.com
Subject: Re: AS400 Net Recon

Hi,

I have not tested this myself. But it looks good for as/400 specifics.

http://www.security-database.com/toolswatch/AS-400-Auditing-Framework-Be
ta.html

Then there is the trusty OSSTMM for your overall methodology to test
with.

http://www.osstmm.org

On Tue, Feb 12, 2008 at 3:11 PM, Jon Kibler <jon.r.kibler@gmail.com>
wrote:
> Hi,
>
> I have a client with AS400s on their LAN. They want a vulnerability
> scan, but having been burned in the past, I want to ask before doing:
> Are there any issues with scanning (nmap, nessus, etc.) AS400s?
>
> While I am at it, any good information on AS400 security? I see a few
> corporately published books for sale on the net about AS400 security,
> but I don't want to drop a couple of grand for a book by some
> organization I am not familiar with.
>
> Any help appreciated.
>
> Jon K.
>
>
------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
>
------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: whitehat: "Malicious file upload in .JPG or GIF format"
• Previous message: VoIP Hacker Clown: "VoIP Hopper 0.9.9 Released"
• In reply to: xelerated: "Re: AS400 Net Recon"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:24 EDT