Re: Vulnerability assessment for small business

From: Susan Bradley (sbradcpa@pacbell.net)
Date: Fri Sep 30 2005 - 03:38:45 EDT

• Next message: Tim Hurman: "Re: Exploring Windows CE Shellcode"
• Previous message: Thomas Springer: "Re: How to check for SSL1 ?"
• In reply to: Jason Albuquerque: "RE: Vulnerability assessment for small business"
• Next in thread: ctg: "Re: Vulnerability assessment for small business"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Advice them to get a server for heavens sake. 25 PCs ... peer and no
SERVER? No AD?

Jason Albuquerque wrote:

>A program (pay for) called BELARC ADVISOR can run a full audit of all
>machines on your network=2E=2E=2E=2E
>It will give you a report on each machine giving you OS, apps, patch
>levels for OS and Apps, logins, hardware audit=2E=2E=2E=2E=2E=2E=2E=2E and much much
>more=2E=2E=2E=2E=2E=2E=2E=2E=2E=2E=2E
>
>
>Jason Albuquerque
>
>GIS Manager
>
>Department of Information Systems
>
>80 Boston Neck Road
>
>Town of North Kingstown, RI 02852
>
>Tel=2E (401) 268=2D1516
>
>Fax (401) 295=2D2594
>
>www=2Enorthkingstown=2Eorg
>
> "There are 10 kinds of people in this world=2E The ones who understand
>binary and the ones who don't=2E"
>
>=2D=2D=2D=2D=2DOriginal Message=2D=2D=2D=2D=2D
>From: Billy Dodson [mailto:billy@pmicromart=2Ecom]
>Sent: Tuesday, September 27, 2005 5:34 PM
>To: pen=2Dtest@securityfocus=2Ecom
>Subject: Vulnerability assessment for small business
>
>
>
>When doing a vuln assessment for a small business (25 PC's, no server)
>which is using a peer=2Dto=2Dpeer windows network, how do you approach this?
>Say the customer has a firewall=2E=2E=2Ebut they don't host any services=2E All
>of the PC's have local usernames and passwords that vary from machine to
>machine=2E There is no one single administrator account across the board,
>and you have little time=2E So you cant run many automated tools to check
>patch levels and what not because you cant get remote access to the
>registry=2E There are no services to be tested from the outside=2E Do you
>manually go to each machine and test them individually? Of course you
>can run null scans on the LAN, but that is not going to provide the
>depth you need=2E Any ideas and pointers would be great=2E
>
>=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D
>=2D=2D=2D=2D=2D=2D
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on
>your
>website=2E Up to 75% of cyber attacks are launched on shopping carts,
>forms,
>login pages, dynamic content etc=2E Firewalls, SSL and locked=2Ddown servers
>are
>futile against web application hacking=2E Check your website for
>vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before
>hackers do!
>Download Trial at:
>
>http://www=2Esecurityfocus=2Ecom/sponsor/pen=2Dtest_050831
>=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D
>=2D=2D=2D=2D=2D=2D=2D
>
>
>
>=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D
>Audit your website security with Acunetix Web Vulnerability Scanner:
>
>Hackers are concentrating their efforts on attacking applications on your
>website=2E Up to 75% of cyber attacks are launched on shopping carts, forms,
>login pages, dynamic content etc=2E Firewalls, SSL and locked=2Ddown servers are
>futile against web application hacking=2E Check your website for vulnerabilities
>to SQL injection, Cross site scripting and other web attacks before hackers do!
>Download Trial at:
>
>http://www=2Esecurityfocus=2Ecom/sponsor/pen=2Dtest_050831
>=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D=2D
>
>
>
>
>

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Tim Hurman: "Re: Exploring Windows CE Shellcode"
• Previous message: Thomas Springer: "Re: How to check for SSL1 ?"
• In reply to: Jason Albuquerque: "RE: Vulnerability assessment for small business"
• Next in thread: ctg: "Re: Vulnerability assessment for small business"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:01 EDT