[clue-admin] CLUE server security audit
David Anselmi
anselmi at anselmi.us
Sat Feb 12 18:20:18 MST 2005
Crawford Rainwater wrote:
> Comments below.
>
> On Sun, 2005-02-06 at 12:00 -0700, clue-admin-request at clue.denver.co.us
> wrote:
>
>> 1. RE: CLUE server security audit (Robert Harper)
>
>>Some questions regarding the security audit request of the CLUE server.
>>
>>1) How is it done?
>
> Various ways to test the security of the box basically.
>
>>2) Why do we need Tech Angle's permission
>
> Because if Tech Angle does have a good IDS system in place, it could be
> preceived as a hacking attempt or worse.
But we can give the auditor access to the box, so remote testing doesn't
seem necessary (e.g., much easier to do offline password cracking to
find weak passwords rather than brute forcing across the network).
Maybe we do a quick nmap to be sure that netstat isn't lying.
Dave
More information about the clue-admin
mailing list