Re: Security Assessment Tools

["Petreski, Samuel" <samuel-petreski () UIOWA EDU>]

A tool that we ran across and have been trying to use in our Security Audits is called Ecora Auditor 
(http://www.ecora.com). The Lite version is free and it has a lot of useful information. Besides the main module for 
auditing Windows hosts, they also have modules for auditing Unix, Oracle, MSSQL, IIS, Exchange, AD, Citrix, Cisco, and 
etc. 

> From speaking with their Rep. their Professional version has a lot more reports and I think it can be used for a lot 
> more then just audits. But it is very $$$.

This tool is useful if you want to get an overview of the system from the inside. For a remote assessment I would still 
recommend Nessus. 

--Samuel

Samuel Petreski
Sr. Security Analyst
CIO Office
University of Iowa
samuel-petreski () uiowa edu
(319) 335 - 6174

> -----Original Message-----
> From: John Kaftan [mailto:jkaftan () UTICA EDU]
> Sent: Monday, October 30, 2006 4:07 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Security Assessment Tools
>
> I am researching Security Assessment Tools and I am wondering what folks
> are
> using.  I am not a Unix guy so I am sure that limits a bunch.  I am
> looking
> to scan Windows XP machines, Windows 2003 server and it would be nice to
> be
> able to scan our Unix boxes.
>
> I also want to be able to scan our Cisco switches for vulnerabilities.
>
>
> Thanks Much;
>
> John Kaftan
> Utica College
> Network Engineer

Attachment: smime.p7s
Description: