Re: Advise on Security audit tool

[Ben Carr <carr.287 () osu edu>]

> Wondering if anyone could give me suggestion s on a good security tool ?
> My environment consists on both unix and windows machines.

Check out Nessus (http://www.nessus.org). It makes a wonderful scanner, is 
modular, and scans for applications/servers/vulnerabilities regardless of 
the port they are running on. It also provides for "safe" scanning of 
production systems, or a more thorough scanning with the potential of 
ending up with a hung server (though this has never happened to me). It 
works wonderfully in a mixed OS environment, just so you know the server 
end of it must be run from a UNIX machine, though the client/front can be 
run from windows if you choose.

For those in windows-only house, nessus is included on the KNOPPIX Security 
Tools Distribution, available at http://www.knoppix-std.org . This provides 
you with a number of tools on a bootable live cd.

-Ben


---------------------------------------------------------------------------
Attend Black Hat Briefings & Training Federal, September 29-30 (Training), 
October 1-2 (Briefings) in Tysons Corner, VA; the world's premier 
technical IT security event.  Modeled after the famous Black Hat event in 
Las Vegas! 6 tracks, 12 training sessions, top speakers and sponsors.  
Symantec is the Diamond sponsor.  Early-bird registration ends September 6.Visit us: www.blackhat.com
----------------------------------------------------------------------------