May 24th, 2005, 08:13 PM
May 24th, 2005, 08:41 PM
If your information is useful and not just another 1/2 baked "tutorial" I'm sure it will be fine.
Oh, avoid dipshit hacker speak as a bonus... Be sure to use real words..
Posting a small example of content you are worried about might be helpful to those who care to comment..
May 24th, 2005, 10:41 PM
Ok. Not looking to post a tutorial, rather a checklist for something I want to deploy for myself and other IT auditors. I was thinking that trying to follow a type of hacker methodology might work best to try and show our auditees what possible risks they are exposing our company to. I would have the methodology and then within each step of the methodology, the controls to look for in each OS we support. Before posting the whole thing, this is the thought I had:
Example of adapting a hacker methodology to an IT audit checklist.
Note that step 1A will be taken care through a survey we send to the auditee - meaning they know we are coming, which we want:
0. OS/OE to include: RH Linux, WINNT, W2K, W2K3
A. Site contacts, server/workstation, ip ranges, domains (if applicable). Check computer survey
B. Review auditee's HTML, if applicable.
B. Review HTML for additional information, if applicable
C. Check public sites for information about our company(?)
(1) Google ( http://www.google.com )
(2) Netcraft ( http://www.netcraft.com )
(3) Big Brother ( http://www.bb4.com )
D. Check to see if reverse dns lookup is enabled - does it need to be?
(1) Explanation on how to check for zone transfers...
E. Check to see
Actually - before I go on, I think I cannot use this type of methodology for an internal audit. I am going back to the drawing board as I just remembered some SANS training I had as well, and I will combine the above Foundstone ideas with the SANS and just post for comments and see what shakes loose.
May 24th, 2005, 10:53 PM
I hate to volunteer others' services but try sending a PM to catch and cacosapo.............tell them I suggested it
There are several others but those are the ones I would start with, as they are both professional consultants and will certainly be able to point you in the right direction.
May 25th, 2005, 07:34 PM
Thanks much nihil! Will do.
Also - part of what I was going to include in my checklist (and I will also run this by catch and cacosapo) the following from SANS:
Now SANS states that with 2 and 3 above, you would get more information than just using the scanning tools alone. So far in my experience, I would say that is possible, but it depends on 1) interviews: your interview style and the willingness/comfort level of the interviewee 2) console: know what you are looking for.
When conducting an IT audit don't rely solely on automated tools, rather employ the following strategy:
1. Automated scanning tools
2. Time at the console with the administrator(s)
Anywho - thanks again.