Subject: | |
From: | |
Reply To: | |
Date: | Fri, 1 Dec 2006 11:51:51 -0500 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Wouldn't a check of CIAC and CERT be useful here? What vulnerabilities I
found last time I looked were from ported code that had long since been
patched.
I recall finding some useful things to check in a Mark Bixby PowerPoint
presentation. There were some handy scripts to, among several other things,
check for users with SM, and users without passwords. That fun to
cross-reference. Those are things to worry about, and perhaps showing that
you've done just that might impress some auditors.
That's not to say that a SAMBA share could not serve as a staging area for
Windows malware... a kind of "Typhoid Mary" for your Windows network. I
remember hearing about an AS/400 that got used as an open mail relay, and
not so much because the AS/400 had a problem as that the admin who started
the services never learned the basics about how to configure them.
Greg Stigers
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
|
|
|