Advanced Security Audit (Sample)
Report ID | 0 |
View Created On: | Jan 1, 1970 00:00 GMT |
Host Address(es): | X.X.X.X |
Report Contents
1. Risk Classification Summary
2. Vulnerability Category Summary
3. Vulnerability Title Summary
4. Vulnerability Details
5. Open Ports
Appendix A: Risk Definitions
Appendix B: CVE Versioning
Appendix C: List of Tests Executed
1. Risk Classification Summary
Vulnerabilities are classified according to the risk they present to the network/host on which they are found. The following chart summarizes how the 0 different issues we found are spread across the different risk classes.
For a detailed explanation of how vulnerabilities are classified, see Appendix A: Risk Definitions
2. Vulnerability Category Summary
![](../sspace/images/pixel.gif) |
The vulnerability category summary shows how the various issues that were reported are distributed across the different test categories.
Category | High | Med | Low | Other |
Fedora Local Security Checks |
| | | |
SuSE Local Security Checks |
| | | |
Web application abuses |
| | | |
Debian Local Security Checks |
| | | |
Ubuntu Local Security Checks |
| | | |
Huawei EulerOS Local Security Checks |
| | | |
General |
| | | |
CentOS Local Security Checks |
| | | |
Red Hat Local Security Checks |
| | | |
Mandrake Local Security Checks |
| | | |
Windows : Microsoft Bulletins |
| | | |
Product detection |
| | | |
Gentoo Local Security Checks |
| | | |
FreeBSD Local Security Checks |
| | | |
Denial of Service |
| | | |
Oracle Linux Local Security Checks |
| | | |
CGI abuses |
| | | |
Databases |
| | | |
Amazon Linux Local Security Checks |
| | | |
Policy |
| | | |
CISCO |
| | | |
Web Servers |
| | | |
Buffer overflow |
| | | |
Slackware Local Security Checks |
| | | |
Windows |
| | | |
Conectiva Local Security Checks |
| | | |
IT-Grundschutz-deprecated |
| | | |
Service detection |
| | | |
Backdoors |
| | | |
Mageia Linux Local Security Checks |
| | | |
Turbolinux Local Security Tests |
| | | |
Default Accounts |
| | | |
Mac OS X Local Security Checks |
| | | |
FTP |
| | | |
Gain a shell remotely |
| | | |
IT-Grundschutz |
| | | |
Nmap NSE net |
| | | |
Trustix Local Security Checks |
| | | |
Nmap NSE |
| | | |
JunOS Local Security Checks |
| | | |
F5 Local Security Checks |
| | | |
Huawei |
| | | |
Remote file access |
| | | |
Gain root remotely |
| | | |
SMTP problems |
| | | |
Privilege escalation |
| | | |
Misc. |
| | | |
IT-Grundschutz-15 |
| | | |
SSL and TLS |
| | | |
AIX Local Security Checks |
| | | |
CGI abuses : XSS |
| | | |
VMware Local Security Checks |
| | | |
Malware |
| | | |
RPC |
| | | |
Palo Alto PAN-OS Local Security Checks |
| | | |
FortiOS Local Security Checks |
| | | |
Citrix Xenserver Local Security Checks |
| | | |
Windows : User management |
| | | |
SNMP |
| | | |
Useless services |
| | | |
Peer-To-Peer File Sharing |
| | | |
Firewalls |
| | | |
HP-UX Local Security Checks |
| | | |
Settings |
| | | |
Brute force attacks |
| | | |
Compliance |
| | | |
Port scanners |
| | | |
Finger abuses |
| | | |
Credentials |
| | | |
NIS |
| | | |
Solaris Local Security Checks |
| | | |
Totals: | 0 | 0 | 0 | 0 |
3. Vulnerability Title Summary
4. Vulnerability Details
5. Open Ports - X.X.X.X
![](../sspace/images/pixel.gif) |
Port |
Protocol |
Probable Service |
![](../sspace/images/pixel.gif) |
135 | TCP | loc-srv |
|
Defined as a "Location Service" in RFC1060, pre-SP3 versions
of Windows NT were susceptible to a denial of service attack
on this port that would cause NT's rpcss.exe process to consume
all available CPU cycles. The (easiest) recovery from this
attack is to reboot your machine.
You should do one of several things: a) upgrade/patch your operating
system to make sure it is not susceptible to this attack; b) firewall
your system so that port 135 is not visible from the internet
c) configure your router to block port 135; d) Install one of several
monitoring packages on your PC that block this denial of service.
|
|
139 | TCP | netbios-ssn |
|
Port 139 is used on Windows machines for NetBios name resolution,
WINS, etc. A problem with older unpatched versions of Windows is that
they are susceptible to receipt of Out-Of-Band (OOB) data. This means
that someone can remotely send you OOB data on port 139 and can cause
numerous problems on your machine, including but not limited to
machine lockups, blue screens, loss of internet connection.
You should do one of several things: a) upgrade/patch your operating
system to make sure it is not susceptible to this attack; b) firewall
your system so that port 139 is not visible from the internet
c) configure your router to block port 139; d) Install one of several
monitoring packages on your PC that block this denial of service.
|
|
1028 | TCP | unknown |
|
No description available for this port at this time.
|
|
![](../sspace/images/pixel.gif) |
Number of open ports found by port scan:3 |
|
Appendix A: Risk Definitions
Users should note that test classifications are subjective, although we do our best to make appropriate classifications. If you spot an inconsistency, please let us know so that we can make the appropriate corrections.
AppendixB: CVE Versioning
CVE identifiers, an industry standard way of identifying tests, are maintained by
Mitre. The current mapping of CVE/CAN identifiers to Test IDs is based on CVE Version Number 20211016, and CAN Version Number 20211016. These were verified on October 16, 2021 as being the latest available.
Appendix C: List of Tests Executed
![](../sspace/images/pixel.gif) |
This supplement details the list of all tests that were available as part of this audit request. THIS IS A LARGE REPORT! It does not provide any information on vulnerabilities found during the audit. Instead, it is a complete list of all tests that were part of this audit, along with descriptions. If you intend to print this report, please choose the printer friendly link below. The size of the report will vary depending on the type of audit you ran, but can easily be 200 pages long when printed, and more than 600K in size.
Finally, please note that this list is dependent on the audit you ran. If you come back in a month and run the same audit again, it is likely that this supplement will change, since additional tests will have probably been added to the test suite. Each audit report we produce has its own copy of this supplement that reflects the test suite available at the time this audit was run.
Because of the large size of this report, it may take several minutes for it to be displayed properly on some browsers once the complete report is downloaded (e.g. Netscape). Be patient, it will come up eventually.
View Test List Printer Friendly Test List PDF Download