The OS Scan Project

OS Scan Results


Operating Systems Scanned & Tested:

        Microsoft Windows       Red Hat Linux       Sun Microsystems
  • Red Hat Enterprise Linux ES 
  • Red Hat 9
  • Red Hat 8



Windows 2003 Server

  Default SP1       Trends (Last Updated: 06/06/03)
NESSUS         Default Nessus scan showed one low risk security hole and 7 security warnings.

Windows 2000 Server

  Default SP1 SP2 SP3 SP4 Trends (Last Updated: 20/09/03)
NESSUS   Windows 2000 was installed as a "Stand Alone" server on a Dell 8100 and no additional options were added or removed during or after the install. Throughout the course of this experiment, service packs were applied.
From the latest Nessus scan on Windows 2000 Server with Service Pack 3, an anomaly was observed: a +1 security hole.
Also note the vulnerability found in the web server, which NESSUS recommends fixing by applying SP2?!

Windows NT 4 Server

  Default SP6a       Trends (Last Updated: 06/03/02)
NESSUS       Windows NT 4 Server was installed as a "Stand Alone" server. A significant difference compared to Windows 2000 Server is that IIS is not installed by default. Unlike Solaris 8, NT 4 showed significant improvement when its Service Pack (6a) was applied.

Windows XP

  Default SP1       Trends (Last Updated: 07/10/02)
NESSUS       The Microsoft Windows XP OS was scanned at a default install (no patches or alterations), then scanned again with its service pack. According to the reports Nessus generated, SP1 nullified one (1) vulnerability related to Windows' Universal Plug n' Play support.

Windows ME

  Default SP       Trends (07/04/02)
NESSUS       Windows ME was installed on a Dell 8100. While the focus of this study so far has been on servers, we felt it would be important to cover some of the popular workstation OSes, since many (ME) home users have broadband. Given that ME has far fewer default services running than a typical server would, the scan results were fairly predictable.



Red Hat 9 Server

  Default         Trends

Red Hat 8 Pro

  Default         Trends
NESSUS         Nessus 1.2.5 was used to scan a Red Hat 8 default install. No changes were made to the OS after installation, and the firewall default settings were kept. Interestingly enough, this install has proven to be a solid OS in the eyes of NESSUS.



Solaris 9

  Default CP       Trends
NESSUS         This is a new scan for the OS Scan project. A Solaris 9 default install was scanned with Nessus version 1.2.3, which has a new reporting style. In this test, you will see there are 23 potential security problems. These problems range from information leakage to actual, known holes.

Solaris 8

  Default CP       Trends
NESSUS       Of particular interest, scanning Sun Solaris 8 with the cluster patch applied revealed little change from the default scan.

Solaris 6

  Default CP       Trends
NESSUS       This test was against Solaris 6 on a Sparc 5 platform. Solaris 6 was installed with all default services (such as Telnet, RPC and FTP), scanned, then scanned again after the cluster patch was applied. The scan with the cluster patch revealed little change from the default scan, similar to what we observed with Solaris 8.


