RE: Assessment tools/Scanners

[blaing () iss net (Brian Laing)]

Greg,

        Let me put on a sales hat for a second. Just so you know ISS has something
called Flex Checks.  This allows you to program a check in whatever langauge
you like as long as ISS can call it as an executable.  The scanner expects
it to respond with several responces such as (cant remember the exact
numbers) 0 for timed out 1 for vulnerable...etc.

Cheers,
Brian

-----Original Message-----
From: owner-ids () uow edu au [mailto:owner-ids () uow edu au]On Behalf Of
Greg Shipley
Sent: Friday, October 08, 1999 9:38 AM
To: bgmiller
Cc: ids () uow edu au
Subject: Re: IDS: Assessment tools/Scanners



On Thu, 7 Oct 1999, bgmiller wrote:

> I realize this is a little off-topic, but obviously security assessment
tools
> and scanners go hand in hand with IDS.
>
> I'd be interested in your tool preferences and how much
training/expertise, if
> any, is required to operate them.

My .02 on the vulnerability assessment tools:

ISS ISS - thorough, updated, good - and their licensing model makes sense.
The only problem is the stupid key-gen'ing, but if you are a static
environment this isn't a big issue.

NAI Cybercop Scanner - really good, and probably a toss up with ISS.  Has
some cool features ISS doesn't (like the CAPE/CASL stuff). However, IMNHO
NAI has their head up their *** when it comes to licensing.  They really
don't understand the market for these products.

Axent NetRecon - kinda cool, and does some NetWare stuff that the others
don't (runs over IPX as well).  IMHO, 2nd best to Cybercop and ISS,
however.

Nessus - cool, but not many checks. (*free*, however)

Cisco NetSonar - works ok, and its CHEAP - $495.  It's quite slow,
however.  I mean, really slow.  But for $495, heck, if it does the job....

Hope that helps,

-Greg

List-owner(s): Is there anyway we can get that FAQ/subscribe/unsubscribe
stuff moved to the bottom of the message?