[Leaplist] Security Audit Advice
Randall Perry
randallp at hcrn.info
Sat Dec 15 02:51:24 GMT 2007
- Check for existing policies regarding password setting/rotation.
- Who has access to what systems (locally, remotely, physical security)?
- Port scanning is part of it, but you have to look beyond that (e.g. are the services on standard ports, or have they been moved somewhere else?).
- What kind of security is at the perimeter (properly zoned, with what kind of equipment)?
- Where is data stored? Where is its backup stored?
- Software: is it up to date? Questionable licensing? Load-balancing services across devices?
- Best practices/best app for the job? Daemons and services on servers, or apps on clients, like using Firefox instead of IE.
- On Windows boxes: don't just check for viruses. Check for spyware and stupid services that users willingly run (like IncrediMail).

Bigger source of risk: disaster preparedness.
Backup procedures, methods, documentation. Also consider sources of hardware if the site is wiped out and how quickly they can reassemble. Was it tested? (Actually try recovering from media.)
On 12/14/07, Aaron Morrison <ae4ko at amsat.org> wrote:
> Ok.
>
> Looks like I may have a small gig doing a security audit for a company.
>
> Other than port scanning (which will be authorized, BTW), checking
> running services/processes, checking usernames, and the odd setuid
> root app, what kinds of things should a good audit be checking for?
>
> Opinions? Tool recommendations?
>
> --am
>
--
Randall Perry
Hope Crisis Response Network
www.hcrn.info
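As an added example, not part of the original post, here is a small read-only POSIX shell helper that turns three of the checklist items above into repeatable checks: the password-rotation policy, the "odd setuid root app", and services listening on ports other than the ones you expect. The login.defs format, the directory to scan and the list of expected ports are assumptions that an auditor would adjust per site.

```shell
#!/bin/sh
# Added audit helper (not from the original post). Each check reads its
# input from stdin or an argument so it can be run against live data or
# against captured output gathered during an authorized audit.

# Flag a login.defs-style policy whose PASS_MAX_DAYS exceeds the limit in $1.
# Reads the policy text on stdin; prints the finding and returns 1 if too lax.
check_pass_max_days() {
    limit="$1"
    max=$(awk '$1=="PASS_MAX_DAYS"{print $2}')
    if [ -z "$max" ]; then
        echo "PASS_MAX_DAYS not set (no rotation enforced)"; return 1
    fi
    if [ "$max" -le "$limit" ]; then return 0; fi
    echo "PASS_MAX_DAYS=$max exceeds $limit days"; return 1
}

# List setuid files under directory $1 (the checklist's "odd setuid root app").
# Prints one path per line and returns 1 if any were found, so a caller notices.
list_setuid() {
    found=$(find "$1" -type f -perm -4000 2>/dev/null)
    if [ -z "$found" ]; then return 0; fi
    printf '%s\n' "$found"; return 1
}

# Read "proto port" pairs on stdin (e.g. parsed from ss -tln output) and print
# those not in $1, a space-separated list of expected "proto/port" entries.
# A daemon on an unexpected port is exactly the "moved somewhere else" case.
flag_unexpected_ports() {
    expected=" $1 "
    count=0
    while read -r proto port; do
        case "$expected" in
            *" $proto/$port "*) ;;
            *) echo "unexpected listener: $proto/$port"; count=$((count + 1)) ;;
        esac
    done
    [ "$count" -eq 0 ]
}
```

On a live host the three functions would typically be fed `/etc/login.defs`, `/` (or `/usr`), and the port list parsed from `ss -tln`; each returns non-zero when it finds something worth writing into the audit report.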