Home page logo

basics logo Security Basics mailing list archives

Re: Security scanning tools
From: Carlton Foster <c.a.foster () larc nasa gov>
Date: Mon, 15 Dec 2003 15:01:57 -0500

If you're scanning Windows based machines on a Windows domain, use Nessus and give it a valid domain username and password in the SMB login options.

Some tests in Nessus do require admin rights, but they tell you that in the description. Most, however, are better with just user access.

Read this: http://www.nessus.org/doc/nessus_windows_scanning.pdf

and this: http://www.nessus.org/doc/nessus_domain_whitepaper.pdf

They should explain everything.

Personally, having ISS, MBSA, and Nessus available, I will use Nessus over the other two every time. A few times people have challenged the validity of the Nessus results, and I have gone to the machines and proven the scanner was correct. Nessus the program, and the development team, have earned my trust in that product. Don't waste your money elsewhere...

Jack Solomon wrote:


Im currently testing new scanning tools to replace nessus. I ran ISS system scanner and Micro$oft Baseline Security analyst on a win2000 box and compared the results to the regular nessus scan. Each product reports different things...

- Nessus says everything is cool
- MS BSA reports that patch ms02-032 has not been applied
- System scanner finds a nonexistent modem, no virus software (as if!) but no patches

When I logon to the machine and try to run the MS update routine through IE, it reports no patches to be applied. Am I going crazy or using the tools wrong? surely they should all report the same vulnerabilities?

My questions to the group are:
1. What tool[s] should I look to buy that that correctly reports security vulnerabilties with the least false positives?
2. Are false positives a known [feature] of all scanning tools?


Hotmail messages direct to your mobile phone http://www.msn.co.uk/msnmobile

--------------------------------------------------------------------------- ----------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]