| 05/11/02 |
Redhat 8: Nessus 1.2.5 was used
to scan a Redhat 8 default install. No changes were made to the OS after
installation, and the firewall default settings were kept. Interestingly
enough, this install has proven to be a solid OS in the eyes of
NESSUS.
|
| |
|
| 07/10/02 |
Win XP SP1: Using NESSUS 1.2.5,
the Microsoft Windows XP OS was scanned at a default install (no patches
or alterations), then scanned again with its service pack. According
to NESSUS's generated reports, SP1 nullified one (1) vulnerability
related to Windows Universal Plug and Play support. |
| |
|
| 20/09/02 |
Win2k SP3: Windows 2000 was installed
as a "Stand Alone" server on a Dell 8100 and no additional
options were added or removed during or after the install. Throughout
the course of this experiment, service packs were applied. (Service
packs are cumulative, which means, for example, that Windows 2000 SP3 includes
all fixes from Windows 2000 Service Pack 1, Windows 2000 Service Pack
2, and the Windows 2000 Security Rollup Package version 1.) After
the application of each service pack, the Nessus port scanner audited
the operating system and generated reports of what it deemed common
and potential vulnerabilities.
From the latest Nessus scan on Windows 2000 Server with Service Pack
3, an anomaly was observed: a +1 security hole.
Also note the vulnerability found in the web server, which NESSUS
recommends applying SP2 to fix?! |
| |
|
| 18/07/02 |
Solaris 9: This is a new scan for
the OS Scan project. A Solaris 9 default install was scanned with Nessus
version 1.2.3, which has a new reporting style. In this test, you
will see there are 23 potential security problems. These problems
range from information leakage to actual, known holes. |
| |
|
| 07/04/02 |
Win ME: Windows ME was installed
on a Dell 8100. While the focus of this study so far has been on servers,
we felt it would be important to hit some of the popular workstation
OSes, since many (ME) home users have broadband. Given that ME has
far fewer default services running than a typical server would, the
scan results were fairly predictable. |
| |
|
| 26/03/02 |
Solaris 6: This test was against
Solaris 6 on a Sparc 5 platform. Solaris 6 was installed with all
default services (such as Telnet, RPC and FTP), scanned, then scanned
again after the cluster patch was applied. The scan with the cluster patch
revealed little change from the default scan, similar to what
we observed with Solaris 8. Perhaps we can now say that SUN looks
at security differently from how NESSUS or we see it? |
| |
|
| 22/03/02 |
XP Default: Given that it is a relatively
new OS, the exploit database was not large. We did a complete default
install (i.e. with no patches or alterations). In Windows XP, there
is a built-in packet filtering firewall with nice logging features,
but by default this firewall is disabled. |
|
|
| 06/03/02 |
NT 4: Windows NT 4 Server was installed
as a "Stand Alone". A significant difference compared to Windows 2000
server is that IIS does not install by default. Unlike Solaris 8, NT 4
showed significant improvement when its Service Pack (6a) was applied.
|
| |
|
| 26/02/02: |
Solaris 8: Of particular interest,
scanning Sun Solaris 8 with the cluster patch revealed little
change from the default scan. As we continue our testing and begin
to document this, we invite you to take a preliminary look at the
results. |
| |
|
| 21/02/02: |
Launch: OS Scan officially launched!
Full details on what OS Scan is about are on the about
page. Windows 2000 Server scan results are complete. We have complete
NESSUS and NMAP scans of Windows 2000 pre-patch, SP1, SP2, and the
Security Rollup Package in the results section.
|
| |
|