Results 1 to 9 of 9

Thread: security audit

  1. 05-09-2010, 11:35 AM #1
    freeside
    freeside is offline
    Untangler
    Join Date
    Jul 2008
    Posts
    48

    Default security audit

    there are many website out there that help with setting
    up a secure computing environment, like grc ...
    there's software that helps with assessing vulnerabilities, like the metasploit framework.
    -
    now i think it would be cool if untangle had a rack with a button "test me"
    and if would scan the current setup (firewall, routing, etc.) and deliver a report.
    just to catch the most basic "misconfigurations"?
    thanks.
  2. 05-09-2010, 11:42 AM #2
    dwasserman
    dwasserman is online now
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    3,998

    Default

    You can do the "test me" clicking in the buttom of the site from a pc behind Untangle.
    The world is divided into 10 kinds of people, who know binary and those not
  3. 05-09-2010, 12:34 PM #3
    mrunkel
    mrunkel is online now
    Untangle Ninja mrunkel's Avatar
    Join Date
    Jul 2008
    Posts
    2,989

    Default

    I like this idea. The question is, would you pay for such a service?
    m.


    Big Frickin Disclaimer:
    While I'm pretty sure, I can't guarantee that I know what I'm doing. There might be a better way to do this, and this way might actually suck. Make sure you understand the implications of what you're doing before trying to follow these directions.
    It often helps troubleshooting if you have a good network map. Look here if you want my advice on how to draw one.
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com
  4. 05-09-2010, 03:18 PM #4
    johndball
    johndball is offline
    Master Untangler
    Join Date
    Apr 2008
    Location
    New Orleans, La
    Posts
    120

    Default

    I would pay for it as long as it wasn't expensive and not bundled with other apps.
  5. 05-09-2010, 05:42 PM #5
    sky-knight
    sky-knight is online now
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    16,973

    Default

    The problem is a proper security audit isn't something you can simply automate. Port scans only reveal so much, and a true penetration test might just knock things offline.
    Rob Sandling, BS:SWE, MCP
    Intouch Technology
    Phone: 480-272-9889
    NexgenAppliances.com
    Phone: 866-794-8879
  6. 05-10-2010, 05:00 AM #6
    YeOldeStonecat
    YeOldeStonecat is offline
    Untangle Ninja YeOldeStonecat's Avatar
    Join Date
    Aug 2007
    Posts
    1,466

    Default

    IMO better to offload this to a "neutral" site, instead of some services that just bog down your own firewall. Plus..neutral sites are more believable, if you use a firewall vendors own test, it will always be suspect of bias.
  7. 05-13-2010, 10:44 AM #7
    freeside
    freeside is offline
    Untangler
    Join Date
    Jul 2008
    Posts
    48

    Default security audit

    indeed, a good way to test you untangle setup is to have another
    machine infront of untangle (were the line to the internet would go)
    and hammer away at it with something like metasploit.
    -
    this is not what i was proposing. more along the line that if a newbie
    (and everybody was that once) sets up untangle and then happily
    goes to the shadier parts of the internet believing s/he is now safe, but
    acctually is not.
    so something inside untangle that can catch the most basic
    (accidental) mis-configurations and throw up a warning. that's all.
    -
    like the new cars that go "ding ding", if you open the car door but forgot
    to remove the key from ignition.
    or: "ding ding" if you turn off the car but have forgot to turn off the
    headlights.
    or: "ding ding" if you drive 200 meters but still haven't put on
    your seat-belt.
  8. 05-13-2010, 10:54 AM #8
    dwasserman
    dwasserman is online now
    Untangle Ninja dwasserman's Avatar
    Join Date
    Jun 2008
    Location
    Argentina
    Posts
    3,998

    Default

    I understand, you like a "ding ding" in untangle box :x
    The world is divided into 10 kinds of people, who know binary and those not
  9. 05-15-2010, 02:45 PM #9
    freeside
    freeside is offline
    Untangler
    Join Date
    Jul 2008
    Posts
    48

    Default

    no, not "ding-ding" but a red flag.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules


SEO by vBSEO 3.6.0 PL2