RE: Security scanning tools

["KoRe MeLtDoWn" <koremeltdown () hotmail com>]

Hi there Jack,
> From experience I find that Retina is an EXCELLENT security scanning tool 
for local networks - give it a go and see how it goes, you can get a free 
trial and buy it if you like it.
The URL for Retina is as follows: 
http://www.eeye.com/html/Products/Retina/index.html

If you have any questions please don't hesitate to contact me, and I will 
answer them if I can.
Merry Christmas Jack and everyone else at Security Focus

Kindest of regards,

Hamish Stanaway

Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Owner/Operator
Auckland, New Zealand

http://www.webhosting.net.nz/
http://www.buywebhosting.co.nz/
http://www.koreworks.com/





> From: "Jack Solomon" <solzjack43 () hotmail com>
> To: security-basics () securityfocus com
> Subject: Security scanning tools
> Date: Mon, 15 Dec 2003 12:04:34 +0000
> MIME-Version: 1.0
> X-Originating-IP: [194.69.42.24]
> X-Originating-Email: [solzjack43 () hotmail com]
> X-Sender: solzjack43 () hotmail com
> Received: from outgoing2.securityfocus.com ([205.206.231.26]) by 
> mc11-f8.hotmail.com with Microsoft SMTPSVC(5.0.2195.6713); Mon, 15 Dec 2003 
> 11:26:35 -0800
> Received: from lists.securityfocus.com (lists.securityfocus.com 
> [205.206.231.19])by outgoing2.securityfocus.com (Postfix) with QMQPid 
> C947B8F522; Mon, 15 Dec 2003 05:48:38 -0700 (MST)
> Received: (qmail 32692 invoked from network); 15 Dec 2003 12:19:43 -0000
> X-Message-Info: JGTYoYF78jGuESsWr17bND8havzblD4u
> Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <security-basics.list-id.securityfocus.com>
> List-Post: <mailto:security-basics () securityfocus com>
> List-Help: <mailto:security-basics-help () securityfocus com>
> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
> Delivered-To: mailing list security-basics () securityfocus com
> Delivered-To: moderator for security-basics () securityfocus com
> Message-ID: <BAY9-F13GLm3He0ximp000309e5 () hotmail com>
> X-OriginalArrivalTime: 15 Dec 2003 12:04:34.0790 (UTC) 
> FILETIME=[9AEAC060:01C3C303]
> Return-Path: 
> security-basics-return-25853-koremeltdown=hotmail.com () securityfocus com
>
>
> All
>
> Im currently testing new scanning tools to replace nessus.  I ran ISS 
> system scanner and Micro$oft Baseline Security analyst on a win2000 box and 
> compared the results to the regular nessus scan.  Each product reports 
> different things...
>
> - Nessus says everything is cool
> - MS BSA reports that patch ms02-032 has not been applied
> - System scanner finds a nonexistent modem, no virus software (as if!) but 
> no patches
>
> When I logon to the machine and try to run the MS update routine through 
> IE, it reports no patches to be applied.  Am I going crazy or using the 
> tools wrong? surely they should all report the same vulnerabilities?
>
> My questions to the group are:
> 1. What tool[s] should I look to buy that that correctly reports security 
> vulnerabilties with the least false positives?
> 2. Are false positives a known [feature] of all scanning tools?
>
>
> Jack
>
> _________________________________________________________________
> Hotmail messages direct to your mobile phone http://www.msn.co.uk/msnmobile
>
>
> ---------------------------------------------------------------------------
> ----------------------------------------------------------------------------

_________________________________________________________________
Tired of slow downloads and busy signals?  Get a high-speed Internet 
connection! Comparison-shop your local high-speed providers here. 
https://broadband.msn.com


---------------------------------------------------------------------------
----------------------------------------------------------------------------