Hello, Thanks to all the responses I received regarding this query. The majority opinion has been the Center for Internet Security's (www.cisecurity.org) benchmark tools. Their use of a score system can provide a good metric for management when they ask "did the changes improve security". Their explanations of how to fix a problem are also understandable. Other helpful suggestions have been... - Titan (http://www.fish.com/titan/) to help lock down a system since it can be easily scripted to apply to a new system - SARA (Security Auditors Research Assistant) http://www-arc.com/sara/ - http://www.iss.net/products_services/enterprise_protection/vulnerability_assessment/scanner_system.php - going through inetd.conf and turning off anything not required - secure shell (SSH) - tripwire Regards, David _____________________________________________________________________________________ Hello, We have some systems running Solaris 2.6 & Solaris 8 and we want to test the boxes from a security point of view. I was wondering what program or scripts people would suggest that could be run on these boxes to test their security levels and generate a report with recommendations for resolving issues (i.e. patches, processed stopped, file permissions, etc). Any thoughts are appreciated. Thanks in advance, David _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Wed Jun 25 16:23:54 2003
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:15 EST