RE: Risk analysis tools?

["A.G. Williams" <drew911s () yahoo com>]

There are scores of risk analysis tools in the
marketplace. It greatly depends on the type of
analysis you want to perform, and the level you want
to go.

If you are looking for simple network penetration
tools, you can get those off the Internet. But it's
generally the "buyer-beware" rule. From my experience
as a former product manager for some of the leading
technologies in network and host assessment and IDS,
I'd actually recommend technologies we competed
against--some of which have gone from the freeware to
legitimate corporate-driven technologies. Tools from
SAINT and SourceFire (Marty Rousch's new company)
would be essential in your search, and if you're
interested in good network mapping and scanning, take
a good look at the NESSUS stuff, and NMap.

I also heard rumor that Dan Farmer was planning to
commercialize his COPS application. Anything Farmer
did would be top-notch quality.

Also beware of the cutesy graphic-generation tools
that show the pretty pictures of your network. They
might look good on the screen or as a background in a
NOC, but they do little to actually mend fences and
notify of events actually dangerous to your
infrastructure. 

Most of the stuff regarding "event analysis" is tied
to auditing. So be sure to look at good audit tools as
part of your risk management plans. NetForensics has
some interesting technology, but more importanly, some
good developers. Some of my friends at NetIQ say
they've got some good stuff as well--so I'd suggest
you look over the NetIQ/PentSafe tools.

But on a more "businessy" note, it's one thing to run
an application to identify risks--remember that you
need to use some form of risk management methodology
to actually address the stuff you find. That's where
the real "Intrusion Prevention" becomes more than a
marketing buzz phrase.

But most importantly, don't trust the new guys on the
block. Just because they think they created something
in a university lab, or got funding from some private
venture partner who didn't know anything about the
current trends in IT Sec technology, doesn't mean
they're making a better mouse trap.

Stick with the veterans who pioneered this stuff. It's
always best to follow the people, as the technology
can often be over- or (in most cases),
UNDER-developed.

Good luck.

Drew Williams

> -----Original Message-----
> From: Marsman-Polhuys, Henk (fin)
> [mailto:Henk.Marsman-Polhuys () ordina nl] 
> Sent: Monday, January 27, 2003 2:01 AM
> To: security-basics () securityfocus com
> Subject: Risk analysis tools?
>
>
> Hi,
>
> don't know if this is the right list to post this,
> but I'm just gonna
> try. 
>
> I'm looking for some risk analysis tools or methods
> that can be used in
> the infosecurity process. Anyone got any
> recommendations or ideas?
>
> Rgdz, Henk
>
> -----Oorspronkelijk bericht-----
> Van: Michael Parker [mailto:mparker () rim net]
> Verzonden: woensdag 22 januari 2003 20:01
> Aan: David Andersson;
> security-basics () securityfocus com
> Onderwerp: RE: Computer Forensics
>
>
> Try this...
>
> http://computerforensics.net/
>
> Regards,
>
> Sincerely, 
>
> Michael,  MCP, GSEC, BCCSA
> BlackBerry Technical Support 
> Research in Motion, Ltd. 
> Tel: 1-877-BLK-BERRY 
> Email: help () BlackBerry net 
> Web: www.BlackBerry.net 
>
> Important Notice: As of February 1, 2003, BlackBerry
> customers who have
> purchased through RIM will need to purchase a
> technical support package
> to continue receiving BlackBerry Technical Support
> direct from RIM. To
> learn more about this change in policy and to find
> out about the
> available BlackBerry technical support options,
> visit
> www.blackberry.com/go/supportoptions 
>
> For on-line technical assistance, please refer to
> our website at the
> links
> below: 
> Technical FAQ:
http://www.BlackBerry.net/knowledgecenter/livelink.exe
> Paging FAQ:  
> http://www.BlackBerry.net/support/paging/index.shtml
>
>
>
> -----Original Message-----
> From: David Andersson
> [mailto:dlandersson () hotmail com]
> Sent: January 19, 2003 11:13 AM
> To: bstoneburner () wcisteel com;
> security-basics () securityfocus com
> Cc: atarata () bigpond net au
> Subject: Re: Computer Forensics
>
>
> Greetings,
>
> We're experiencing an upsurge in computer forensics
> queries.
>
> Can anyone suggest any links to relevant
> information, certifications,
> etc.?
>
> Dave Andersson
> MCT, CIW Security Analyst, CCNA
-----------------------------------------------------------------------
> This message is the property of Time Inc. or its
> affiliates. It may be
> legally privileged and/or confidential and is
> intended only for the use
> of the addressee(s). No addressee should forward,
> print, copy, or
> otherwise reproduce this message in any manner that
> would allow it to be
> viewed by any individual not originally listed as a
> recipient. If the
> reader of this message is not the intended
> recipient, you are hereby
> notified that any unauthorized disclosure,
> dissemination, distribution,
> copying or the taking of any action in reliance on
> the information
> herein is strictly prohibited. If you have received
> this communication
> in error, please immediately notify the sender and
> delete this message.
> Thank you.


__________________________________________________
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now.
http://mailplus.yahoo.com