Firewall Wizards mailing list archives

Re: vulnerability scanner


From: Christopher Klaus <cklaus () iss net>
Date: Wed, 24 Mar 1999 19:45:55 -0500

Sandy Green wrote:

Besides ISS and Cybercops, is there any tool
which does a host based vulnerability analysis
and also attacks the system based on known
attacks like IP spoofing, tear drop, land attack, etc.

To shed a little more light on the subject and make a distinction in
these tools to help people better evaluate the vulnerability analysis
tools, here's some additional information:

ISS typically classifies Internet Scanner, CyberCop, SATAN, etc as
network based vulnerability analysis and policy enforcement tools.  The
reason is that they look for security issues over the network and mostly
find issues at the network service level.

ISS classifies System Scanner, COPS, etc as a host based analysis and
system policy tool. They search for security issues as an agent sitting
on the actual host.  System Scanner type tools do a more in-depth
analysis of the file system, backdoors, patches, etc that complement and
provide a comprehensive overview of the entire host and servers together
with network based assessment tools.  

ISS classifies Database Scanner as an application based vulnerability
and security policy tool.  This type of product looks at security issues
within Sybase and MS SQL Server.  This area of vulnerabilities is
majorly overlooked by most organizations, but the crown jewels of a
company are often stored in wide-open databases.  As E-Commerce is
taking off, more applications are relying on these databases and they
need to be routinely checked for good security.

Many people are not aware of the different layers of vulnerability
analysis between network, host, and application and that there are tools
that address all three.  When compiling your list, depending on how
comprehensive you want to make it, it might make sense to include
Internet Scanner (IS), System Scanner (S2), and Database Scanner (DBS)
that exist to cover a wider range of vulnerability analysis. These types
of tools can help not only find security issues, but help build a
security policy of what is or is not acceptable, and make it easier for
compliance and enforcement of that policy.

-------------------------------------------------
Christopher Klaus
Founder and Chief Technology Officer
cklaus () iss net

Internet Security Systems, Inc.
(678) 443-6000 /fax (678) 443-6477
6600 Peachtree-Dunwoody Road NE
300 Embassy Row, Atlanta, GA  30328
www.iss.net
NASDAQ: ISSX

"Adaptive Security for the Networked Enterprise"


