Details of vulnerability assessment practices
- vulnerability scans occur from specific pre-announced hostnames
- hostnames are always assigned to Linux or Solaris machines
- this includes testing of Windows machines; programs include
- NetBIOS Auditing Tool
- smbclient (from the Samba distribution)
- the rain.forest.puppy MDAC perl script
- all of these were locally modified
- rarely use Windows client; goes through transport-layer proxies
- software development:
- protect vulnerability test programs from server-to-client attacks
- MIT-specific changes (e.g., default passwords or pathnames)
- long perl script to automatically compose and address mail
- mail must reach right persons and be regarded as high priority
- right persons: incomplete central databases and machine's contents
- high priority: text needs to convince person to fix the problem
Copyright 2000, Massachusetts Institute of Technology.
All rights reserved.
The term "Windows" above refers to the
Microsoft® Windows® operating system. Microsoft® and
Windows® are registered trademarks of Microsoft Corporation in the
United States and other countries.
Solaris® is a registered trademark of Sun
Microsystems, Inc. in the United States and other countries.