Bugtraq mailing list archives
Re: Security Hole in Axent ESM
From: steve () ZONEOFTRUST COM (Steve McBride)
Date: Thu, 27 Aug 1998 09:30:55 -0700
Remember that ESM is a security policy enforcement tool, not a security hole "finder" (for lack of a better word)... While these two subjects are for the most part one and the same, all you have to do is tell ESM that, for instance, your policy gives a umask of 022 as the suggested value, and it won't tell you to change them. Look through the product a little more, and take some time to develop a custom policy, rather than using the generic Phase 1, Phase 2, Phase 3 thing, and I bet you'll find it a much more useful product. Regards, Steve McBride At 07:41 AM 8/27/98 -0400, Larry Bassett wrote:
Your point about checksums is well taken. We were externally audited and the auditors used Axent ESM. The Axent ESM is not what I would call a great security assessment tool. It is brain dead in a few places. It will complain about files and directories that have more secure permissions since it only checks to see if files have the permissions it is expecting. It also complains about the files it installs. It complained about uninstalled patches. In our case this was completely ridiculous because we already had newer revisions of the patches than the ones they suggested we install. It complained about an HP printer device being world writable. This complaint was pointless since these device files are functionally equivalent to /dev/null. It complained that a umask of 022 was unsafe. They suggested 027. There were other questionable findings but it will find misconfigurations and stupid mistakes. However, there are better tools available.
Current thread:
- Re: Security Hole in Axent ESM Larry Bassett (Aug 27)
- <Possible follow-ups>
- Re: Security Hole in Axent ESM Dr. Mudge (Aug 27)
- Re: Security Hole in Axent ESM Steve McBride (Aug 27)
- Re: Security Hole in Axent ESM Douglas G Conorich (Aug 27)
- Re: Security Hole in Axent ESM Mark (Aug 28)
- Re: Security Hole in Axent ESM Bert Driehuis (Aug 29)
- Re: Security Hole in Axent ESM Mark (Aug 28)
- Re: Security Hole in Axent ESM Douglas G Conorich (Aug 27)
- Re: Security Hole in Axent ESM Steve Jackson (Aug 28)
- Re: Security Hole in Axent ESM Paul Ashton (Aug 28)
- Re: Security Hole in Axent ESM Andy Church (Aug 29)
- Re: Security Hole in Axent ESM reddog (Aug 30)
- Re: Security Hole in Axent ESM Andy Church (Aug 31)
- Re: Security Hole in Axent ESM Caskey L. Dickson (Aug 31)
(Thread continues...)