[plug] Tiger: security checker -- opinions?
Denis Brown
dsbrown at cyllene.uwa.edu.au
Thu Oct 25 14:30:54 WST 2001
At 13:23 24/10/01 +0800, Christian wrote:

>For memory Tiger is a bit like the SATAN/Saint style checker which looks
>primarily for general types of problems rather than specific flaws.

Yes, that's the way. Also good from a learning perspective --
understanding the various vulnerabilities and using that as a jumping-off
point for more reading.

>General problems are hopefully reasonably rare now that security is a
>bigger concern for vendors and specific vulnerabilities tend to be the
>source of most security problems. The problem with any sort of program

Agreed, although some file permissions in the Debian installation are not
as restrictive as AusCERT recommends. Perhaps I should take a look at
FreeBSD one of these days too, since that seems to be regarded as a leading
light in security out-of-the-box.

>that, Nessus is supposed to be one of the better ones and is free

Will check it out, thanks.

>software. At the end of the day though, nothing compares to tracking
>vulnerabilities daily combined with a generally restrictive setup.

I respect the wisdom of this :-) As much as anything it's also a good
educational exercise. Restriction-wise the test setup has a pretty much
100% airgap firewall during config and would eventually only need to work
within one or two subnets so I can button it down pretty well.

Regards,
Denis