Firewall Wizards mailing list archives
RE: vulnerability scanner
From: Jason Diesel <JDiesel () axent com>
Date: Thu, 25 Mar 1999 20:56:39 -0000
After reading Markus's rules about the group, I am afraid to mention Axent (the company that I work for), but there is a vendor who does all these together.

As Christopher points out, just the network is not enough, and just the databases are also not enough; what about the routers, the web servers, the mail servers, the file servers, etc.? Are your policies being maintained? If there has been a breach in a pre-defined policy, what will alert you to this? If your router configuration has been modified, will you be alerted? etc.

I heard a great analogy a while back, it goes something like this:

- A 'naughty' person breaks into your house, wanders around the corridors and into a couple of rooms. That is what a Network Scanning tool will find out.
- But you have seen that that naughty person went into your cupboard? Did you see that they went through your drawers? That is what a host based intrusion detection tool will tell you.

Then of course, if they moved your gold bracelet from the left side of the shelf to the right, you want to have it be placed in its original position again. You want some pro-active tool to do this for you.

Jason

-----Original Message-----
From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net] On Behalf Of Ray Hooker
Sent: 25 March 1999 15:45
To: owner-firewall-wizards () nfr net
Subject: RE: vulnerability scanner

Excellent description of the various layers of vulnerability/policy tools as well as intrusion detection. I am always concerned when vendors indicate that they have a complete suite of tools, when in fact they do not cover all of the bases. If they bundle the tools together, that is fine but no one vendor has a complete suite yet. That may change over the next 2 years, but not now.

Ray Hooker

-----Original Message-----
From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net] On Behalf Of Christopher Klaus
Sent: Wednesday, March 24, 1999 7:46 PM
To: Sandy Green; firewall-wizards () nfr net
Subject: Re: vulnerability scanner

Sandy Green wrote:

Besides ISS and Cybercops, is there any tool which does a host based vulnerability analysis and also attacks the system based on known attacks like IP spoofing, tear drop, land attack, etc.

To shed a little more light on the subject and make a distinction in these tools to help people better evaluate the vulnerability analysis tools, here's some additional information:

ISS typically classifies Internet Scanner, CyberCop, SATAN, etc. as network based vulnerability analysis and policy enforcement tools. The reason is that they look for security issues over the network and mostly find issues at the network service level.

ISS classifies System Scanner, COPS, etc. as a host based analysis and system policy tool. They search for security issues as an agent sitting on the actual host. System Scanner type tools do a more in-depth analysis of the file system, backdoors, patches, etc. that complement and provide a comprehensive overview of the entire host and servers together with network based assessment tools.

ISS classifies Database Scanner as an application based vulnerability and security policy tool. This type of product looks at security issues within Sybase and MS SQL Server. This area of vulnerabilities is majorly overlooked by most organizations, but the crown jewels of a company are often stored in wide-open databases. As E-Commerce is taking off, more applications are relying on these databases and they need to be routinely checked for good security.

Many people are not aware of the different layers of vulnerability analysis between network, host, and application and that there are tools that address all three. When compiling your list, depending on how comprehensive you want to make it, it might make sense to include Internet Scanner (IS), System Scanner (S2), and Database Scanner (DBS) that exist to cover a wider range of vulnerability analysis.

These types of tools can help not only find security issues, but help build a security policy of what is or is not acceptable, and make it easier for compliance and enforcement of that policy.

-------------------------------------------------
Christopher Klaus
Founder and Chief Technology Officer
cklaus () iss net
Internet Security Systems, Inc.
(678) 443-6000 / fax (678) 443-6477
6600 Peachtree-Dunwoody Road NE
300 Embassy Row, Atlanta, GA 30328
www.iss.net NASDAQ: ISSX
"Adaptive Security for the Networked Enterprise"