RE: DISA Security Readiness Review Evaluation Scripts

From: Matt (m.vigorito@comcast.net)
Date: Sun Nov 27 2005 - 20:43:51 EST


I've used the DISA disks to validate OS hardening dozens of times. I like
how fast they run and the 'granularity of their results', but am hesitant to
endorse them on any other level due to the 'granularity of their results'.
It is very time consuming to mill through all of the results, and you had
better have a reliable way to read them once you get them to another system.
It is not impossible, just more complicated than it has to be. For example,
you have to go into the 'print' results button in order to save the results.
The whole process of saving the results, taking them to an offline analysis
box, loading them up, and evaluating a whole host of findings that aren't
even findings is extremely burdensome. And PG and Mike are correct: don't
select the option to fix the findings, or you will be left with an unusable
box of scrap parts.

In my opinion, a better tool is the new one from the Center for Internet
Security, www.cisecurity.org. It is brand new this month, works on Windows,
and does a better job with identifying, reporting, and packaging the
results. It's called the Next Generation Scoring Tool and is rooted in NSA
and other industry partner guidelines. Bottom line, no one product is
perfect, but this is just another suggestion for another free tool for your
auditing toolbox.

Matt
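The quoted thread below describes what an SRR script is (an automated pass
over the items in the manual checklists), why its output is painful to handle
(it has to be exported, carried to an offline analysis box and triaged, with
many findings that are not findings), and why the Gold Disk's fix option must
not be selected. The following PowerShell script is an added example of that
check-only approach written for this page; it is not DISA's, CIS's or any
poster's code. It assumes Windows PowerShell 3.0 or later and English-locale
'net accounts' output, and the check ids EX-001 to EX-004 and the Expected
values are illustrative placeholders standing in for whatever the applicable
checklist actually requires.

```powershell
# Added example (not DISA, CIS or any poster's code): a read-only audit in the
# spirit of the SRR scripts, one automated check per manual-checklist item,
# that writes findings to CSV for review on an offline analysis box.
# It changes NOTHING on the host; there is deliberately no "fix" mode.
# Assumptions: Windows PowerShell 3.0+, English-locale 'net accounts' output.
# Check ids (EX-00n) and Expected values are illustrative placeholders, NOT
# STIG requirements; substitute whatever the applicable checklist specifies.

param(
    [string]$OutFile
)
if (-not $OutFile) {
    # One CSV per host, named so results from many boxes can be merged later.
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $OutFile = Join-Path $env:TEMP ('audit-{0}-{1}.csv' -f $env:COMPUTERNAME, $stamp)
}

# Registry-backed checklist items: value under Path\Name must equal Expected.
$registryChecks = @(
    @{ Id = 'EX-001'; Title = 'Anonymous enumeration of SAM accounts and shares restricted'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'RestrictAnonymous'; Expected = 1 },
    @{ Id = 'EX-002'; Title = 'LAN Manager authentication level'
       Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name = 'LmCompatibilityLevel'; Expected = 5 },
    @{ Id = 'EX-003'; Title = 'Autorun disabled for all drive types'
       Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name = 'NoDriveTypeAutoRun'; Expected = 255 }
)

function New-Finding {
    # Uniform record so every host's CSV has the same columns.
    param($Id, $Title, $Expected, $Actual, $Status, $Evidence)
    [pscustomobject]@{
        Host = $env:COMPUTERNAME; Checked = (Get-Date -Format 's')
        Id = $Id; Title = $Title; Expected = $Expected; Actual = $Actual
        Status = $Status; Evidence = $Evidence
    }
}

function Test-RegistryItem {
    param($Check)
    $evidence = '{0}\{1}' -f $Check.Path, $Check.Name
    try {
        $actual = (Get-ItemProperty -Path $Check.Path -Name $Check.Name -ErrorAction Stop).($Check.Name)
        $status = if ($actual -eq $Check.Expected) { 'Not a Finding' } else { 'Open' }
    } catch {
        # Key or value absent: record it and let the reviewer decide rather
        # than guessing a default on the host's behalf.
        $actual = '<absent>'; $status = 'Not Reviewed'
    }
    New-Finding $Check.Id $Check.Title $Check.Expected $actual $status $evidence
}

function Test-MinimumPasswordLength {
    param([int]$Expected)
    $line = (net accounts) | Select-String -Pattern 'Minimum password length'
    if (-not $line) {
        return New-Finding 'EX-004' 'Minimum password length' $Expected '<unparsed>' 'Not Reviewed' 'net accounts'
    }
    $actual = [int](($line.Line -split ':')[-1].Trim())
    $status = if ($actual -ge $Expected) { 'Not a Finding' } else { 'Open' }
    New-Finding 'EX-004' 'Minimum password length' $Expected $actual $status 'net accounts'
}

$findings = @($registryChecks | ForEach-Object { Test-RegistryItem -Check $_ })
$findings += Test-MinimumPasswordLength -Expected 14

$findings | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Short console summary for whoever is walking from box to box; the CSV is
# the record that goes back to the analysis machine.
$findings | Group-Object Status | ForEach-Object { '{0,-14} {1}' -f $_.Name, $_.Count }
"Results written to $OutFile"
```

Every check returns one of three states (Not a Finding, Open, Not Reviewed)
and an Evidence column naming exactly what was read, so the person on the
offline box can discard non-findings quickly and re-check an Open item by
hand. Absent keys are reported as Not Reviewed instead of being counted as
passes or failures, which is where most of the "findings that aren't even
findings" come from.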

-----Original Message-----
From: techlists@comcast.net [mailto:techlists@comcast.net]
Sent: Friday, November 25, 2005 9:57 PM
To: Smith, Michael J.; hannibal blog; pen-test@securityfocus.com
Subject: RE: DISA Security Readiness Review Evaluation Scripts

The Gold Disk itself runs very fast. It will scan your system in 2-3
minutes.

It allows you to apply the patches and recommended fixes very fast. If you
blindly apply all of the recommended fixes, it will also break your system
very fast, guaranteed. ("very fast" - do we see a pattern here?) There is
even a "Platinum" level on the Gold Disk, even more restrictive than "Gold"
level; now that one will break your system even more badly than the Gold.

It's good if you have a test lab that accurately represents your production
network, so you can test the Gold Disk against your standard set of apps to
see what is affected.

PG

> The SRR scripts are very good, but keep in mind that what they do is
> check the configurations that are specified in the STIGs.
>
> It goes like this:
> NSA creates Security Guides
> Which begat:
> DISA Security Technical Implementation Guides
> Which begat:
> DISA Manual Checklists
> Which begat:
> DISA SRR Scripts
>
> What the SRR Scripts are is an automated way to do the checks in the
> manual checklists.
>
> A word of caution is that if an OS is configured according to the
> STIGs, it will break. The good thing is that it's a fast tool to
> check for vulnerabilities.
>
> The scripts for windows machines use winbatch as the script language.
> They take about 15-20 minutes to run once you've figured out how to do
> it. What we do is go into an office, select a random percentage of
> computers to check, load the script, and start it. By the time we're
> done starting the script on the last computer, it's time to start
> retrieving results off the first ones.
>
> When DISA sends their audit team around, they run the SRR Scripts and
> an external scan with ISS or Retina.
>
> As for the .mil restriction, last time I looked at them, they allow
> anybody to download the STIGS but you need a .mil address to download
> the SRR Scripts. There is also the "gold disk" which has all the SRR
> Scripts on it.
>
> HTH
> --Mike
>
>
>
> Michael J Smith michael.j.smith@unisys.com Information Security
> Architect
> 703.419.3109 W
> 703.855.0890 C
> "Those who do not understand Unix are condemned to reinvent it, poorly."
>
> --Henry Spencer
>
> > -----Original Message-----
> > From: hannibal blog [mailto:hannibalsec@gmail.com]
> > Sent: Thursday, November 24, 2005 3:19 AM
> > To: pen-test@securityfocus.com
> > Subject: DISA Security Readiness Review Evaluation Scripts
> >
> > Hello
> >
> > Did anyone try the publicly available DISA SRR available at
> > http://iase.disa.mil/stigs/SRR/ ? What is the difference between the
> > publicly available ones and those reserved to .mil?
> > What do you think about using them to audit a customer Win 2k server?
> >
> >

----------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities to SQL injection, Cross site scripting and other web attacks
before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:12 EDT