Intrusion Detection Systems mailing list archives

Re: Assessment tools/Scanners


From: ryan25 () wenet net (Ryan M. Ferris)
Date: Fri, 8 Oct 1999 13:22:41 -0700



BGMiller:

nmap and netcat are available for free.  They may not be easy to set up, but
quite frankly, neither are most security products. Actually, both products
count as excellent freeware and will be the tools you will most likely be
'attacked' with anyway.  A comprehensive security assessment tool
specifically to compare IDS is generally not available although Anzen is
pushing something like this.

Here's an idea:

All IDS products are developed with internal test suites that determine
whether or not a given IDS signature works.  If you are potentially making a
serious investment in an IDS (volume licenses are not cheap), you should
justifiably be able to ask each vendor for their internal test suite to
compare against each IDS.  If you are a low volume buyer, this probably
won't work for you as producers will be reluctant to release internal test
tools.

Ryan M. Ferris
ryan25 () wenet net
----- Original Message -----
From: Greg Shipley <gshipley () neohapsis com>
To: bgmiller <bgmiller () dc jones com>
Cc: <ids () uow edu au>
Sent: Friday, October 08, 1999 1:38 AM
Subject: Re: IDS: Assessment tools/Scanners

FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
HELP: Having problems... email questions to ids-owner () uow edu au
NOTE: Remove this section from reply msgs otherwise the msg will bounce.
SPAM: DO NOT send unsolicited mail to this list.
--------------------------------------------------------------------------


On Thu, 7 Oct 1999, bgmiller wrote:

I realize this is a little off-topic, but obviously security assessment tools
and scanners go hand in hand with IDS.

I'd be interested in your tool preferences and how much training/expertise, if
any, is required to operate them.

My .02 on the vulnerability assessment tools:

ISS ISS - thorough, updated, good - and their licensing model makes sense.
The only problem is the stupid key-gen'ing, but if you are a static
environment this isn't a big issue.

NAI Cybercop Scanner - really good, and probably a toss up with ISS.  Has
some cool features ISS doesn't (like the CAPE/CASL stuff). However, IMNHO
NAI has their head up their *** when it comes to licensing.  They really
don't understand the market for these products.

Axent NetRecon - kinda cool, and does some NetWare stuff that the others
don't (runs over IPX as well).  IMHO, 2nd best to Cybercop and ISS,
however.

Nessus - cool, but not many checks. (*free*, however)

Cisco NetSonar - works ok, and it's CHEAP - $495.  It's quite slow,
however.  I mean, really slow.  But for $495, heck, if it does the job....

Hope that helps,

-Greg

List-owner(s): Is there any way we can get that FAQ/subscribe/unsubscribe
stuff moved to the bottom of the message?