question

Discussion in 'Computer Security' started by edouble, Dec 9, 2004.

  1. edouble

    edouble Guest

    Well my question might sound a little stupid, but i am still approching
    security.

    the question:

    If i have to test security on a Windows machine do i have to use windows?
    if i have to test security on a unix machine do i have to use unix/linux?

    i mean
    windows==windows
    linux==linux

    thanks in advance.
     
    edouble, Dec 9, 2004
    #1
    1. Advertising

  2. edouble

    donnie Guest

    On Thu, 09 Dec 2004 09:50:59 GMT, "edouble" <> wrote:

    >Well my question might sound a little stupid, but i am still approching
    >security.
    >
    >the question:
    >
    >If i have to test security on a Windows machine do i have to use windows?
    >if i have to test security on a unix machine do i have to use unix/linux?
    >
    >i mean
    >windows==windows
    >linux==linux
    >
    >thanks in advance.
    >
    >

    #############################
    You don't have to use windows for windows and unix for unix. I can
    run nmap on unix to port scan a windows box and ostrosoft on windows
    to port scan unix. However, when it comes to using certain
    hacking/network tools testing scripts, the choice of OS maybe limited.
    donnie.
     
    donnie, Dec 9, 2004
    #2
    1. Advertising

  3. edouble

    k Guest

    donnie wrote:

    > On Thu, 09 Dec 2004 09:50:59 GMT, "edouble" <> wrote:
    >
    >>Well my question might sound a little stupid, but i am still approching
    >>security.
    >>
    >>the question:
    >>
    >>If i have to test security on a Windows machine do i have to use windows?
    >>if i have to test security on a unix machine do i have to use unix/linux?
    >>
    >>i mean
    >>windows==windows
    >>linux==linux
    >>
    >>thanks in advance.
    >>
    >>

    > #############################
    > You don't have to use windows for windows and unix for unix. I can
    > run nmap on unix to port scan a windows box and ostrosoft on windows
    > to port scan unix. However, when it comes to using certain
    > hacking/network tools testing scripts, the choice of OS maybe limited.
    > donnie.


    He is absolutely right.  You can use either to scan the other.  I preffer to
    use linux when scanning any system. The Nessus (www.nessus.org) security
    auditing software works really good for scanning windows machines.  You can
    specify specific 'plugins' to use.  It allows you to specify windows
    specific testing.  Its good for a beginner.
     
    k, Dec 9, 2004
    #3
  4. k wrote:

    > donnie wrote:
    >
    >> On Thu, 09 Dec 2004 09:50:59 GMT, "edouble" <> wrote:
    >>
    >>>Well my question might sound a little stupid, but i am still approching
    >>>security.
    >>>
    >>>the question:
    >>>
    >>>If i have to test security on a Windows machine do i have to use windows?
    >>>if i have to test security on a unix machine do i have to use unix/linux?
    >>>
    >>>i mean
    >>>windows==windows
    >>>linux==linux
    >>>
    >>>thanks in advance.
    >>>
    >>>

    >> #############################
    >> You don't have to use windows for windows and unix for unix. I can
    >> run nmap on unix to port scan a windows box and ostrosoft on windows
    >> to port scan unix. However, when it comes to using certain
    >> hacking/network tools testing scripts, the choice of OS maybe limited.
    >> donnie.

    >
    > He is absolutely right.  You can use either to scan the other.  I preffer
    > to use linux when scanning any system. The Nessus (www.nessus.org)
    > security auditing software works really good for scanning windows
    > machines.  You can specify specific 'plugins' to use.  It allows you to
    > specify windows specific testing.  Its good for a beginner.


    I agree also. Not sure if you are using UNIX but, check out www.nessus.org.

    Michael
     
    Michael J. Pelletier, Dec 10, 2004
    #4
  5. edouble

    winged Guest

    Michael J. Pelletier wrote:
    > k wrote:
    >
    >
    >>donnie wrote:
    >>
    >>
    >>>On Thu, 09 Dec 2004 09:50:59 GMT, "edouble" <> wrote:
    >>>
    >>>
    >>>>Well my question might sound a little stupid, but i am still approching
    >>>>security.
    >>>>
    >>>>the question:
    >>>>
    >>>>If i have to test security on a Windows machine do i have to use windows?
    >>>>if i have to test security on a unix machine do i have to use unix/linux?
    >>>>
    >>>>i mean
    >>>>windows==windows
    >>>>linux==linux
    >>>>
    >>>>thanks in advance.
    >>>>
    >>>>
    >>>
    >>>#############################
    >>>You don't have to use windows for windows and unix for unix. I can
    >>>run nmap on unix to port scan a windows box and ostrosoft on windows
    >>>to port scan unix. However, when it comes to using certain
    >>>hacking/network tools testing scripts, the choice of OS maybe limited.
    >>>donnie.

    >>
    >>He is absolutely right. You can use either to scan the other. I preffer
    >>to use linux when scanning any system. The Nessus (www.nessus.org)
    >>security auditing software works really good for scanning windows
    >>machines. You can specify specific 'plugins' to use. It allows you to
    >>specify windows specific testing. Its good for a beginner.

    >
    >
    > I agree also. Not sure if you are using UNIX but, check out www.nessus.org.
    >
    > Michael



    Concur! I do use tools like ISS in a win environment, one MUST become
    familiar with the nix solutions. Not only for scanning but for many of
    the IDS functionalities. While snort has a win port for example the OS
    overhead impacts data gathering capabilities on high volume networks.
    Like most things testing with several methodologies will yield better
    results. Learning to read and interpret logs is a great area to learn,
    not only to use and run various security tools, but in the forensics
    arena as well. One learns much if they examine security failures too. It
    is too easy to reformat and reimage, to understand the compromise and
    how it was accomplished is fun. Beyond scanning a system for holes one
    should also be able monitor and log activity and have the ability to
    recover quickly. Backups are your friend.

    Computer security is a balance game. One must always walk that fence
    between usability and security. It is very easy to break things. There
    is no such thing as a completely secure computer except maybe one
    encased in concrete in the bottom of the ocean (that still is
    debatable). This is one of the most difficult portions of computer
    security. One can lock down security to the point of no communication
    and minimal vulnerability, but how useful is the system? Does it meet
    user requirements? Weighing user needs against the compromise potential
    is the most difficult aspects to learn.

    The second toughest job in computer security is changing the network
    user behaviors to operate securely. It doesn't matter if you are
    managing 1 user (yourself) or 1000. The user is often your own worst
    enemy, even when you are that user!

    Winged
     
    winged, Dec 10, 2004
    #5
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Wayne
    Replies:
    0
    Views:
    756
    Wayne
    Mar 2, 2004
  2. eddiec
    Replies:
    6
    Views:
    1,082
    Zenner
    May 20, 2004
  3. c.reifert

    Actually, a wav question instead of mp3 question

    c.reifert, Dec 3, 2004, in forum: Computer Support
    Replies:
    11
    Views:
    998
    °Mike°
    Dec 3, 2004
  4. Jørgen Gilberg
    Replies:
    1
    Views:
    1,177
  5. SPD
    Replies:
    1
    Views:
    1,288
    Jørgen Gilberg
    Aug 13, 2003
Loading...

Share This Page