Your point about checksums is well taken. We were externally audited and
the auditors used Axent ESM. The Axent ESM is not what I would call a great
security assessment tool. It is brain dead in a few places.

It will complain about files and directories that have more secure
permissions since it only checks to see if files have the permissions it is
expecting. It also complains about the files it installs. It complained
about uninstalled patches. In our case this was completely ridiculous
because we already had newer revisions of the patches than the ones they
suggested we install. It complained about an HP printer device being world
writable. This complaint was pointless since these device files are
functionally equivalent to /dev/null. It complained that a umask of 022 was
unsafe. They suggested 027.

There were other questionable findings but it will find misconfigurations
and stupid mistakes. However, there are better tools available.

>My boss bought Axent ESM and wants me to install it. Before installing it,
>I noticed it relies on CRC checksums as the mechanism to validate the
>integrity of the files. This appears to be a major security NO-NO, and even
>old freeware security packages like Tripwire use stronger algorithms.

...snip...

>I talked with our Axent contact and he claimed that their file integrity
>validation could not be compromised by a hacker because Axent has security
>experts that designed ESM. Trust nobody!

...snip...

___________________________________________________________________________
Larry W. Bassett               Direct: 724-742-RISK (7475)
Data Security Administrator    Main:   724-742-4444
FORE Systems Inc.              Fax:    724-742-7421
3000 FORE Drive                URL:    http://www.fore.com
Warrendale, PA 15086-7594      Email:  lbassettat_private
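
The concern in the quoted message about CRC-based file integrity checking, shown as an added example (not part of the original message, and not code from Axent ESM or Tripwire). It assumes zlib's CRC-32 as a stand-in for whatever CRC a tool uses, with SHA-256 as the comparison; all sample data is constructed.

```python
import hashlib
import zlib


def xor_bytes(*blocks: bytes) -> bytes:
    """XOR equal-length byte strings together."""
    if len({len(b) for b in blocks}) != 1:
        raise ValueError("blocks must have equal length")
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, byte in enumerate(block):
            out[i] ^= byte
    return bytes(out)


def crc32_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """CRC-32 of a^b^c is fully determined by the three individual CRCs."""
    return zlib.crc32(xor_bytes(a, b, c)) == zlib.crc32(a) ^ zlib.crc32(b) ^ zlib.crc32(c)


def sha256_is_affine(a: bytes, b: bytes, c: bytes) -> bool:
    """The same relation tested on SHA-256 digests; it does not hold."""
    d = [hashlib.sha256(m).digest() for m in (a, b, c)]
    return hashlib.sha256(xor_bytes(a, b, c)).digest() == xor_bytes(*d)


def first_crc32_collision(limit: int = 1_000_000):
    """Checksum constructed 16-byte blobs until two different ones share a CRC-32.

    A 32-bit checksum is expected to repeat after roughly 2**16 to 2**17
    random inputs (birthday bound), so this finishes in well under a second.
    """
    seen = {}
    for n in range(limit):
        # Constructed pseudo-random "file contents", derived from a counter.
        msg = hashlib.sha256(n.to_bytes(4, "big")).digest()[:16]
        crc = zlib.crc32(msg)
        if crc in seen:
            return seen[crc], msg
        seen[crc] = msg
    return None


if __name__ == "__main__":
    # Constructed 16-byte samples standing in for file contents.
    a, b, c = b"baseline-file-01", b"modified-file-02", b"other-content-03"
    print("CRC-32 relation holds: ", crc32_is_affine(a, b, c))
    print("SHA-256 relation holds:", sha256_is_affine(a, b, c))
    m1, m2 = first_crc32_collision()
    print("same CRC-32:", hex(zlib.crc32(m1)), m1.hex(), m2.hex())
    print("SHA-256 differs:", hashlib.sha256(m1).digest() != hashlib.sha256(m2).digest())
```

A CRC detects accidental corruption; an integrity baseline meant to detect deliberate modification needs a cryptographic hash, and the baseline itself has to be stored where the monitored host cannot rewrite it.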