[clue-admin] CLUE server security audit
Jed S. Baer
thag at frii.com
Sat Feb 12 18:29:41 MST 2005
On Sat, 12 Feb 2005 18:20:18 -0700
David Anselmi wrote:
> But we can give the auditor access to the box, so remote testing doesn't
> seem necessary (e.g., much easier to do offline password cracking to
> find weak passwords rather than brute forcing across the network).
> Maybe we do a quick nmap to be sure that netstat isn't lying.
Yeah. The purpose of an attack from outside is too see if other auditing,
and/or changes, have missed anything. NMAP is a good idea. Not being a
security geek, I don't about other probing methods, but I assume they
exist.
jed
--
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1 4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-admin
mailing list