I am trying to find a software that will scan an NT system for holes. Can anyone out there recommend a something???? We are having an audit next week and I want to make sure my systems are patched.
Thanks,
[email protected]
Printable View
I am trying to find a software that will scan an NT system for holes. Can anyone out there recommend a something???? We are having an audit next week and I want to make sure my systems are patched.
Thanks,
[email protected]
scan.sygatetech.com
download the trial version of netIQ security scanner. that should help a bit.
A great place to start looking for tools for any security task is
http://www.nmap.org/tools.html
cheers
yeah, they have a lot of good stuff there! :D
GREAT one!!! Checks for holes in NT system...Steve Gibson did this for the FBI. Remember to keep your system patched and updated! :p
http://grc.com/pw/patchwork.htm
And test those shields there too!
Markus
ok..here are some tools released by the devil himself.
for NT/2000 workstations : www.microsoft.com/technet/mpsa/start.asp
This will scan your systems for holes that have been patched according to the MS security bulletins and potential security risks in your computers. You may be a little shocked after you get the results. I have found it to be very helpful.
Another one for servers : its called HFNETCHK. It does the same thing but its DOS based and designed for servers. I don't have a link, but go to www.microsoft.com/security and look for it. It should be easy to find.
http://support.microsoft.com/support.../Q303/2/15.ASPQuote:
Originally posted by hogfly
Another one for servers : its called HFNETCHK. It does the same thing but its DOS based and designed for servers. I don't have a link, but go to www.microsoft.com/security and look for it. It should be easy to find.
You can also go to www.HackerWhacker.com. They can scan your address and tell you about and holes or ports that a hacker might be able to get into.
Quote:
Originally posted by hogfly
ok..here are some tools released by the devil himself.
for NT/2000 workstations : www.microsoft.com/technet/mpsa/start.asp
This will scan your systems for holes that have been patched according to the MS security bulletins and potential security risks in your computers. You may be a little shocked after you get the results. I have found it to be very helpful.
Another one for servers : its called HFNETCHK. It does the same thing but its DOS based and designed for servers. I don't have a link, but go to www.microsoft.com/security and look for it. It should be easy to find.
=================================================
I did the scan..everything came up green except for 6 hotfixes that aren't installed.
Are these fixes I SHOULD have?...for a stand alone Win2K?...or are these fixes network based?
I have SP2 and a few other patches,...but 6 more?...errr must be network ones I never bothered to install.>??
You should review each identified patch, some will be application specific, ie. terminal server, IIs, others are operating system general.
cheers
The only problem with the MPSA tool is that it is based on the registry keys. For example, lets say you install the security roll-up for IIS 4/5 . The roll-up contains a lot of the individual hotfixes, but not the individual registry keys. This is something I have a huge problem with, because some of the "unapplied" hotfixes , have indeed been applied and the tool does not recognize that fact.
As for the 6 other hotfixes, I would suggets you look them over and decide for yourself which are important to your situatuation. Afterall, I don't think a standalone win2k workstation needs the IRDA/infra red device overflow patched, but who knows.
For more information about the individual hotfixes, there are links within the tool, to lead you to them.
Hope that helps.