From: VinetteD@stentor.ca
Date: Wed Jun 25 2003 - 16:11:37 EDT
Hello,
Thanks to all the responses I received regarding this query. The majority
opinion has been the Center for Internet Security's (www.cisecurity.org)
benchmark tools. Their use of a score system can provide a good metric for
management when they ask "did the changes improve security". Their explanations
of how to fix a problem are also understandable. Other helpful suggestions have
been...
- Titan (http://www.fish.com/titan/) to help lock down a system since it can be
easily scripted to apply to a new system
- SARA (Security Auditors Research Assistant) http://www-arc.com/sara/
-
http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_system.php
- going through inetd.conf and turning off anything not required
- secure shell (SSH)
- tripwire
Regards,
David
_____________________________________________________________________________________
Hello,
We have some systems running Solaris 2.6 & Solaris 8 and we want to test
the boxes from a security point of view. I was wondering what program or
scripts people would suggest that could be run on these boxes to test their
security levels and generate a report with recommendations for resolving issues
(i.e. patches, processed stopped, file permissions, etc). Any thoughts are
appreciated.
Thanks in advance,
David
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:26:39 EDT