RE: Assessment tools/Scanners

[Michael_Staggs () nai com (Staggs, Michael)]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Good day all. In response to the below comment concerning NAI's CyberCop
licensing model... The current canned agreement is based upon the number of
nodes present on the licencee's network. Mr Shipley is quite correct when he
opines (pardon the paraphrase, sir) that this model can be a real headache
at times.

However, please note that NAI sales personnel have the lattitude to change
this standard agreement on the terms and conditions of sale. They can make
that license say node, network, subnet, host, connections, even days of the
week- anything that is mutually agreeable to both parties.

You also have the opportunity to bundle the CyberCop Suite with any other
NAI tool-  Sniffer (absolutely rocks), Guantlet (with the new adaptive proxy
for HTTP and FTP that has better throughput and more security than stateful
inspection), McAfee AV stuff, PGP for just about every OS made, E-ppliance
plug and play FW and AV Gateway, RMON, Network stats and reporting tools,
Router PM, etc. In reality to the buyer, this means big discounts on stuff
that works together via PKI authenticated or encrypted comm right out of the
box. No need for bizillions of lines of custom scripting.

In reality for the network engineer- use this stuff together and watch it
all happen on the wire with a Sniffer, especially your own CASL (part of the
Scanner) programs. Doing this one thing will increase your understanding as
an engineer ten-fold. No kidding.

MJ

- -----Original Message-----
From: Greg Shipley [mailto:gshipley () neohapsis com]
Sent: Friday, October 08, 1999 1:38 AM
To: bgmiller
Cc: ids () uow edu au
Subject: Re: IDS: Assessment tools/Scanners

On Thu, 7 Oct 1999, bgmiller wrote:

> I realize this is a little off-topic, but obviously security assessment
tools
> and scanners go hand in hand with IDS.
>
> I'd be interested in your tool preferences and how much
training/expertise, if
> any, is required to operate them.

My .02 on the vulnerability assessment tools:

ISS ISS - thorough, updated, good - and their licensing model makes sense.
The only problem is the stupid key-gen'ing, but if you are a static
environment this isn't a big issue.

NAI Cybercop Scanner - really good, and probably a toss up with ISS.  Has
some cool features ISS doesn't (like the CAPE/CASL stuff). However, IMNHO
NAI has their head up their *** when it comes to licensing.  They really
don't understand the market for these products.

Axent NetRecon - kinda cool, and does some NetWare stuff that the others
don't (runs over IPX as well).  IMHO, 2nd best to Cybercop and ISS,
however.

Nessus - cool, but not many checks. (*free*, however)

Cisco NetSonar - works ok, and its CHEAP - $495.  It's quite slow,
however.  I mean, really slow.  But for $495, heck, if it does the job....

Hope that helps,

- -Greg

List-owner(s): Is there anyway we can get that FAQ/subscribe/unsubscribe
stuff moved to the bottom of the message?

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.1
Comment: Crypto Provided by Network Associates <http://www.nai.com>

iQA/AwUBN/4kk0P+Hq9LR4eQEQK0OgCdEHn8ZlPv5WQOt1dIjSKbDXaplGEAoOgd
t3bWoYACHrO1sffboJAA6dKS
=su71
-----END PGP SIGNATURE-----