IPSO/Secure Platform audit

From: Dan Rogers (pentestguy@gmail.com)
Date: Thu Aug 18 2005 - 08:00:50 EDT


Hi list,

I'm currently reviewing a Check point/Nokia box and a Secure Platform
manager. The settings in Voyager are all good, and likewise the Web
GUI of the SPLAT manager is fine, they're both patched and the policy
is also clean - but I want to ensure the o/s themselves are ok. I've
checked that there aren't any users there shouldn't be in /etc/passwd,
checked there aren't any unknown processes (at least any visible
ones), any unusual open ports or any strange scripts scheduled to run
in crontab. The firewall logs themselves aren't showing anything
unusual.

I am concerned that a previous administrator may have left himself
access by the back-door somehow - but am not in a position to rebuild
them to be sure. What else would you lot check for?

Ta

Dan

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:45 EDT