<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
<style>
<!--
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman";}
h1
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:.4in;
text-indent:-.4in;
page-break-after:avoid;
mso-list:l3 level1 lfo1;
font-size:14.0pt;
font-family:Arial;
layout-grid-mode:line;}
h2
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:.9in;
text-indent:-.4in;
page-break-after:avoid;
mso-list:l3 level2 lfo1;
font-size:12.0pt;
font-family:Arial;
layout-grid-mode:line;}
h3
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:1.1in;
text-indent:-.5in;
page-break-after:avoid;
mso-list:l3 level3 lfo1;
font-size:11.0pt;
font-family:Arial;
layout-grid-mode:line;}
h4
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:.6in;
text-indent:-.6in;
page-break-after:avoid;
mso-list:l3 level4 lfo1;
font-size:10.0pt;
font-family:Arial;
layout-grid-mode:line;}
h5
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:.7in;
text-indent:-.7in;
mso-list:l3 level5 lfo1;
font-size:11.0pt;
font-family:Arial;
layout-grid-mode:line;
font-weight:normal;}
h6
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:.8in;
text-indent:-.8in;
mso-list:l3 level6 lfo1;
font-size:11.0pt;
font-family:"Times New Roman";
layout-grid-mode:line;
font-weight:normal;
font-style:italic;}
p.MsoHeading7, li.MsoHeading7, div.MsoHeading7
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:.9in;
text-indent:-.9in;
mso-list:l3 level7 lfo1;
font-size:10.0pt;
font-family:Arial;
layout-grid-mode:line;}
p.MsoHeading8, li.MsoHeading8, div.MsoHeading8
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:1.0in;
text-indent:-1.0in;
mso-list:l3 level8 lfo1;
font-size:10.0pt;
font-family:Arial;
layout-grid-mode:line;
font-style:italic;}
p.MsoHeading9, li.MsoHeading9, div.MsoHeading9
{margin-top:12.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:1.1in;
text-indent:-1.1in;
mso-list:l3 level9 lfo1;
font-size:9.0pt;
font-family:Arial;
layout-grid-mode:line;
font-weight:bold;
font-style:italic;}
p.MsoListBullet, li.MsoListBullet, div.MsoListBullet
{margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.25in;
margin-bottom:.0001pt;
text-indent:-.25in;
mso-list:l0 level1 lfo2;
font-size:10.0pt;
font-family:Arial;
layout-grid-mode:line;}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
span.EmailStyle17
{mso-style-type:personal-compose;
font-family:Arial;
color:windowtext;}
p.Body, li.Body, div.Body
{margin-top:3.0pt;
margin-right:0in;
margin-bottom:3.0pt;
margin-left:.1in;
font-size:11.0pt;
font-family:Arial;
layout-grid-mode:line;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.25in 1.0in 1.25in;}
div.Section1
{page:Section1;}
/* List Definitions */
@list l0
{mso-list-id:-119;
mso-list-type:simple;
mso-list-template-ids:818173328;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-style-link:"List Bullet";
mso-level-text:\F0B7;
mso-level-tab-stop:.25in;
mso-level-number-position:left;
margin-left:.25in;
text-indent:-.25in;
font-family:Symbol;}
@list l1
{mso-list-id:38943074;
mso-list-type:hybrid;
mso-list-template-ids:1322929944 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l1:level1
{mso-level-tab-stop:1.25in;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;}
@list l2
{mso-list-id:1185170979;
mso-list-type:hybrid;
mso-list-template-ids:-513214048 67698703 67698713 67698715 67698703 67698713 67698715 67698703 67698713 67698715;}
@list l2:level1
{mso-level-tab-stop:1.25in;
mso-level-number-position:left;
margin-left:1.25in;
text-indent:-.25in;}
@list l3
{mso-list-id:1706174868;
mso-list-template-ids:759873332;}
@list l3:level1
{mso-level-style-link:"Heading 1";
mso-level-text:"%1\.0";
mso-level-tab-stop:.4in;
mso-level-number-position:left;
margin-left:.4in;
text-indent:-.4in;}
@list l3:level2
{mso-level-style-link:"Heading 2";
mso-level-text:"%1\.%2";
mso-level-tab-stop:.4in;
mso-level-number-position:left;
margin-left:.4in;
text-indent:-.4in;}
@list l3:level3
{mso-level-style-link:"Heading 3";
mso-level-text:"%1\.%2\.%3";
mso-level-tab-stop:.5in;
mso-level-number-position:left;
margin-left:.5in;
text-indent:-.5in;}
@list l3:level4
{mso-level-style-link:"Heading 4";
mso-level-text:"%1\.%2\.%3\.%4";
mso-level-tab-stop:.6in;
mso-level-number-position:left;
margin-left:.6in;
text-indent:-.6in;}
@list l3:level5
{mso-level-style-link:"Heading 5";
mso-level-text:"%1\.%2\.%3\.%4\.%5";
mso-level-tab-stop:.7in;
mso-level-number-position:left;
margin-left:.7in;
text-indent:-.7in;}
@list l3:level6
{mso-level-style-link:"Heading 6";
mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6";
mso-level-tab-stop:.8in;
mso-level-number-position:left;
margin-left:.8in;
text-indent:-.8in;}
@list l3:level7
{mso-level-style-link:"Heading 7";
mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7";
mso-level-tab-stop:.9in;
mso-level-number-position:left;
margin-left:.9in;
text-indent:-.9in;}
@list l3:level8
{mso-level-style-link:"Heading 8";
mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8";
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
margin-left:1.0in;
text-indent:-1.0in;}
@list l3:level9
{mso-level-style-link:"Heading 9";
mso-level-text:"%1\.%2\.%3\.%4\.%5\.%6\.%7\.%8\.%9";
mso-level-tab-stop:1.1in;
mso-level-number-position:left;
margin-left:1.1in;
text-indent:-1.1in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
-->
</style>
</head>
<body lang=EN-US link=blue vlink=purple>
<div class=Section1>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Hey,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I am doing a report on vulnerability scans and what should
be included in it. I came up with a list of what I think should be included in
a scan for in different operating systems. Wondering if you guys could direct
me to pages that can inform me or give me your ideas. Below is the lists I
created. This is for a scan on a single machine and is mostly targeted towards
Unix/Linux machines. Let me know.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=Body style='margin-left:.5in;text-align:justify'><font size=2
face=Arial><span style='font-size:11.0pt'> This section lists the
Unix system security criteria:<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l1 level1 lfo3'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>1.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>/etc/passwd not world-writable<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l1 level1 lfo3'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>2.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>No unnecessary services running<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l1 level1 lfo3'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>3.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>FTP directory not writable by user anonymous<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l1 level1 lfo3'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>4.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>NFS not configured to be world-writable<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l1 level1 lfo3'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>5.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>Passwords not crackable by dictionary attack<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l1 level1 lfo3'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>6.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>…<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l1 level1 lfo3'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>7.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>…<o:p></o:p></span></font></p>
<p class=Body><font size=2 face=Arial><o:p> </o:p></font></p>
<h3><![if !supportLists]><b><font size=2 face=Arial><span style='font-size:
11.0pt'><span style='mso-list:Ignore'>1.1.1<font size=1 face="Times New Roman"><span
style='font:7.0pt "Times New Roman"'> </span></font></span></span></font></b><![endif]>Windows
System Security Criteria<o:p></o:p></h3>
<p class=Body style='margin-left:.5in;text-align:justify'><font size=2
face=Arial><span style='font-size:11.0pt'> This section lists the
Windows system security criteria:<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l2 level1 lfo4'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>1.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>guest account disabled<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l2 level1 lfo4'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>2.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>No unnecessary services running<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l2 level1 lfo4'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>3.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>System patched with most recent applicable hot fixes<o:p></o:p></span></font></p>
<p class=MsoListBullet style='margin-left:1.25in;mso-list:l2 level1 lfo4'><![if !supportLists]><font
size=2 face=Arial><span style='font-size:11.0pt'><span style='mso-list:Ignore'>4.<font
size=1 face="Times New Roman"><span style='font:7.0pt "Times New Roman"'>
</span></font></span></span></font><![endif]><font size=2><span
style='font-size:11.0pt'>Passwords not crackable by dictionary attack<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>I have also included a port/services scan using nessus and the
SANS Top 20 list.<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Thanks,<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'>Robert Raver<o:p></o:p></span></font></p>
<p class=MsoNormal><font size=2 face=Arial><span style='font-size:10.0pt;
font-family:Arial'><o:p> </o:p></span></font></p>
</div>
</body>
</html>