Re[2]: Penetration Tests

[Edward Cracknell <edward () securIT net>]

Darren Reed <darrenr () cyber com au> wrote:
darrenr >You might even find some older versions of tools such as iss which
are
darrenr >minus the graphical bloating.  Hmmm, downloading the trial version of
darrenr >ISS (with the docs) might be worthwhile for reading the docs - what
darrenr >sort of vulnerabilities to expect, etc.
darrenr >

I was very impressed with what I saw from ISS when I downloaded the
latest copy a few weeks ago, but like you say, it's obviously a case of
throwing that net wide enough.

darrenr >I'm not sure that this really answers your question...most of the
tools
darrenr >commercially available are enhanced versions of SATAN - just with
more
darrenr >options put in them.  The real intelligence is in the various
subroutines
darrenr >which do the testing and given exploits are fairly easy to obtain, it
darrenr >is certainly possible to expand the utility of SATAN.
darrenr >
darrenr >The $$ question is, how much time do you want to spend doing this
and what
darrenr >that cost will be vs. buying something like ISS to do it for you.
darrenr >

I might well invest in ISS, but isn't it based upon an IP address?,
which means as a portable tool for testing, it's no good!

darrenr >Darren

Thanks for the mail Darren.

Regards



-------------------------------------------------------------
Edward Cracknell 
Security Administrator/Author
edward () SecurIT net
---------  Okay, who put a "stop payment" on my reality check? -----------