Security Basics mailing list archives

RE: VA vs PT tool


From: "Rosado, Rafael (Rafael)" <rarosado () lucent com>
Date: Mon, 16 Jun 2003 09:37:39 -0600

Another tool that can be used for Pen Testing and which is in the same line
as Knoppix is F.I.R.E. (Forensic and Incident Response Environment -
http://fire.dmzs.com/).  F.I.R.E. was showcased in a webcast in May 2003
hosted by SANS.  F.I.R.E. is a Linux Bootable CD Image which has several
well-known open source tools for Forensics, Vulnerability Assessments and
Pen Tests.

Rafael Rosado, CISSP, CISA
Lucent Technologies
IT Security Manager - Corporate Security
Business Assurance and Risk Mitigation Services (B.A.R.M.S.) 
2400 SW 145th Avenue 
Miramar, Florida 33027 
Office: 954-885-2176 
Facsimile: 954-885-3861 
Email: rarosado () lucent com 




-----Original Message-----
From: Brad Mills [mailto:millsmiami () usa net] 
Sent: Friday, June 13, 2003 10:19 PM
To: James Fields; SimonChan () lifeisgreat com sg
Cc: security-basics () securityfocus com
Subject: Re: VA vs PT tool


James, et al -

I didn't see this on your list below but I would be surprised if no one
had suggested it...

Nessus (www.nessus.org) will do *some* of that depending upon the 
vulnerability and how you configure Nessus to do the scan.  The 
following are advantages/disadvantages depending upon your point of
view:

1.  Runs on Linux (as a server, there are clients for other platforms
for driving the scans)
2.  Open-source
 (snips)

 (...for windows guys) Grab the latest Knoppix 650-meg *.iso, burn to a CD.
Boot most any modern machine from it, has Nessus in there, ready to go. May not
be 'minutes fresh' on updates, but indeed, grabs its IP from your dhcp server,
and is ready to rumble in minutes. Best of all, it doesn't touch your windows
partitions. As well, has ethereal, and nmap installed. An amazing distribution,
indeedie.
 
 .02,
 /b


