Intrusion Detection Systems mailing list archives
Re: RES: NT Host Vulnerability Scanners
From: mht () clark net (mht () clark net)
Date: Mon, 17 Jul 2000 07:52:20 -0700
Archive: http://msgs.securepoint.com/ids
FAQ: http://www.ticm.com/kb/faq/idsfaq.html
IDS: http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
UNSUBSCRIBE: email "unsubscribe ids" to majordomo () uow edu au

If one scans the recent www.scmagazine.com. ISS also has an Online Scanner product available similar to the Norton Internet Security 2000 application..:)

/m

At 09:45 AM 7/17/00 -0300, Marlon Jabbur wrote:

Hi,

ISS Internet Scanner has a feature called Smart Scan; this lets you scan a network using a valid Windows NT account. If this account has administrative rights, this feature gives you a full vision of the vulnerabilities in the host.

My 2 cents.

Marlon Jabbur

-----Original Message-----
From: Talisker [mailto:Talisker () networkintrusion co uk]
Sent: Sunday, July 16, 2000 8:48 AM
To: mht () clark net; ids () uow edu au; FOCUS-IDS () securityfocus com
Subject: Re: IDS: NT Host Vulnerability Scanners

M

Correct me if I'm wrong but WebTrends (formerly Asmodeus) and ISS System Scanner, install agents on the distant machine, this is something I'm trying to avoid. The Tripwire product is a File Integrity Checker, and whilst able to highlight that an attack has occurred, isn't capable of detecting vulnerabilities to prevent the attack taking place.

With regard to testing I agree wholeheartedly. However, a short trial can often reveal showstoppers that may negate the need for a full-blown trial on a given product.
My aim is to:

1 Get some background on the products, from the experience of others (I realise this information is often subjective rather than objective) to get a feel for the products and possibly the heads up on a show stopper. The inter-vendor discussions in the first qtr of this year were excellent for this :o)

2 Shortlist a few products for a short trial ie 4-6 weeks.

3 Isolate one or more preferred choices for an extensive trial of a few months. From experience I don't like to test multiple products simultaneously to this level, for a variety of reasons, not least having to keep the Sys Admins of the networks I'm using, sweet, they lose patience if I'm in their hair too much, also I don't want to introduce more software than I really have to.

4 At the end of the day I'm not a test house, I'm looking for a working solution. That said I still wish to have visibility of every feature of every product so that I can recommend the best solution for the problem.

Oh and IMHO vulnerability scanners aren't nearly as interesting as IDS, so the quicker I find a solution the quicker I can concentrate on IDS ;o)

Take care
Andy
www.networkintrusion.co.uk

----- Original Message -----
From: <mht () clark net>
To: "Talisker" <Talisker () networkintrusion co uk>; <ids () uow edu au>; <FOCUS-IDS () securityfocus com>
Sent: Sunday, July 16, 2000 3:00 AM
Subject: Re: IDS: NT Host Vulnerability Scanners

WebTrends, ISS and TripWire have products available that sit and assist in baselining a particular system based on attributes a user selects or adhering to some policy that compares the system against a standard or custom policy. Agents sit on a particular host monitoring for certain things and report back to a central console..

It really depends on the scope of your test. A live trial in my mind lasts for months on end, and encompasses at least a class 'B' network with at least variants from every single type of operating system available plus some common apps that may be running.
My type of testing is similar to those Road & Track testing.. First month, person gets the car, drives around a bit, a couple of months in the car, things start to come loose, shake, vibrate, things like that. A week or two of testing may not be enough

/m

At 10:02 PM 7/15/00 +0100, Talisker wrote:

Hi all

I'm currently looking at host vulnerability scanners for NT networks, my main requirement is for a tool that doesn't require an agent to be installed, so far I've found STAT and SecurityExpressions (thanks Fernando) both tools seem similar but before I set them against each other on a live trial, I'm hoping once again to feed upon the experiences of the list, I'm looking for the following:

1. Is there a great advantage of using agents on each host.
2. Has anyone used either of these products and if so what did you think.
3. Are there any other products that will achieve the same aim, at a comparative cost.

Product information can be found on my host scanner page at http://www.networkintrusion.co.uk/h_scan.htm

Thanks in advance
Andy
www.networkintrusion.co.uk

        '''
       (0 0)
 ----oOO----(_)----------
 | The geek shall       |
 | Inherit the earth    |
 -----------------oOO----
      |__|__|
       || ||
      ooO Ooo

The opinions contained within this transmission are entirely my own, and do not necessarily reflect those of my employer.
