Cyber Security Expo
Home
About Us

ISW News & Events

Text Library

Submit Your Paper
Contest
Recommended Reading
Contact Us
 

Subscribe to our monthly newsletter and receive updates on:
 
Security/Hack Challenges
ISW's Monthly Contest Prizes & Winners
Recommended Security Books & Reviews
Recently Published Papers
Click here to subscribe/unsubscribe!

Opt-in Terms | Archives
What is the top security concern you have today?
 
Virtual System Attacks
Cloud
Social Network
Web
Email
   

Best Security Papers of the Month Contest:

Contest FAQs

Prizes Catalog



Markus Jakobsson & Zulfikar Ramzan

Read the review here!
 

 

The OS Scan Project

OS Scan Results

About The OS Scan | Results
 

Operating Systems Scanned & Tested:

        Microsoft Windows       Red Hat Linux       Sun Microsystems
Server
  • Red Hat Enterprise Linux ES 
  • Red Hat 9
  • Red Hat 8
Client  


MICROSOFT WINDOWS

 
Server:
 

Windows 2003 Server

  Default SP1       Trends (Last Updated: 06/06/03)
NESSUS         Default Nessus scan showed one low risk security hole and 7 security warnings.
NMAP          
 
 

Windows 2000 Server

  Default SP1 SP2 SP3 SP4 Trends (Last Updated: 20/09/03)
NESSUS   Windows 2000 was installed as a "Stand Alone" server on a Dell 8100 and no additional options were added or removed during or after the install. Throughout the course of this experiment, service packs were applied.
From the latest Nessus scan on Windows 2000 Server with Service Pack 3, an anomaly was observed: a +1 security hole.
Also note: the vulnerability found in the web server, that NESSUS recommends applying SP2 to fix?!?!?!
NMAP      
 
 

Windows NT 4 Server

  Default SP6a       Trends (Last Updated: 06/03/02)
NESSUS       Windows NT 4 Server was installed as a "Stand Alone". A significant difference compared to Windows 2000 server is IIS does not install by default. Unlike Solaris 8, NT 4 had significant improvement when its Service Pack (6a) was applied.
NMAP          
 
Client:
 

Windows XP

  Default SP1       Trends (Last Updated: 07/10/02)
NESSUS       the Microsoft Windows XP OS was scanned at a default install (no patches or alterations), then scanned again with its service pack. According to Nessus' generated reports, SP1 nullified one (1) vulnerability related to the Windows' Universal Plug n' Play Support.
NMAP          
 
 

Windows ME

  Default SP       Trends (07/04/02)
NESSUS       Windows ME was installed on a Dell 8100. While the focus of this study so far has been on servers, we felt it would be important to hit some of the popular workstation OS’s since many (ME) home users have broadband. Given that ME has far less default services running than a typical server would, the scan results were fairly predictable.
NMAP          
 
 

LINUX RED HAT

 
Server:
 

Red Hat 9 Server

  Default         Trends
NESSUS            
NMAP          
 
Client:
 

Red Hat 8 Pro

  Default         Trends
NESSUS         Nessus 1.2.5 was used to scan Redhat 8 default install. No changes were made to the OS after installation, and the firewall default settings were kept. Interestingly enough, this install has proven to be a solid OS from the eyes of NESSUS.
NMAP          
 
 

SUN SOLARIS

 
Server:
 

Solaris 9

  Default CP       Trends
NESSUS         This is a new scan for the OS Scan project. Solaris 9 default install was scanned with Nessus version 1.2.3., which has a new reporting style. In this test, you will see there are 23 potential security problems. These problems range in everything from information leakage to actual, known holes.
NMAP          
 
 

Solaris 8

  Default CP       Trends
NESSUS       Of particular interest, after scanning Sun Solaris 8 with cluster patch, this revealed little change from the default scan.
NMAP          
 
 

Solaris 6

  Default CP       Trends
NESSUS       This test was against Solaris 6 on a Sparc 5 platform. Solaris 6 was installed with all default services (such as Telnet, RPC and FTP), scanned then again scanned after the cluster patch was applied. With the cluster patch, this revealed little change from the default scan, similar to what we observed with Solaris 8.
NMAP          
 
 

 

 


All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.