Firewall Wizards mailing list archives
RE: vulnerability scanner
From: "Ray Hooker" <rayhook () ibm net>
Date: Thu, 25 Mar 1999 09:45:15 -0500
Excellent description of the various layers of vulnerability/policy tools as well as intrusion detection. I am always concerned when vendors indicate that they have a complete suite of tools, when in fact they do not cover all of the bases. If they bundle the tools together, that is fine but no one vendor has a complete suite yet. That may change over the next 2 years, but not now.

Ray Hooker

-----Original Message-----
From: owner-firewall-wizards () nfr net [mailto:owner-firewall-wizards () nfr net] On Behalf Of Christopher Klaus
Sent: Wednesday, March 24, 1999 7:46 PM
To: Sandy Green; firewall-wizards () nfr net
Subject: Re: vulnerability scanner

Sandy Green wrote:
> Besides ISS and Cybercops, is there any tool which does a host based vulnerability analysis and also attacks the system based on known attacks like IP spoofing, tear drop, land attack, etc.

To shed a little more light on the subject and make a distinction in these tools to help people better evaluate the vulnerability analysis tools, here's some additional information:

ISS typically classifies Internet Scanner, CyberCop, SATAN, etc. as network based vulnerability analysis and policy enforcement tools. The reason is that they look for security issues over the network and mostly find issues at the network service level.

ISS classifies System Scanner, COPS, etc. as a host based analysis and system policy tool. They search for security issues as an agent sitting on the actual host. System Scanner type tools do a more in-depth analysis of the file system, backdoors, patches, etc. that complement and provide a comprehensive overview of the entire host and servers together with network based assessment tools.

ISS classifies Database Scanner as an application based vulnerability and security policy tool. This type of product looks at security issues within Sybase and MS SQL Server. This area of vulnerabilities is majorly overlooked by most organizations, but the crown jewels of a company are often stored in wide-open databases. As E-Commerce is taking off, more applications are relying on these databases and they need to be routinely checked for good security.

Many people are not aware of the different layers of vulnerability analysis between network, host, and application and that there are tools that address all three. When compiling your list, depending on how comprehensive you want to make it, it might make sense to include Internet Scanner (IS), System Scanner (S2), and Database Scanner (DBS) that exist to cover a wider range of vulnerability analysis.

These types of tools can help not only find security issues, but help build a security policy of what is or is not acceptable, and make it easier for compliance and enforcement of that policy.

-------------------------------------------------
Christopher Klaus
Founder and Chief Technology Officer
cklaus () iss net
Internet Security Systems, Inc.
(678) 443-6000 / fax (678) 443-6477
6600 Peachtree-Dunwoody Road NE
300 Embassy Row, Atlanta, GA 30328
www.iss.net
NASDAQ: ISSX
"Adaptive Security for the Networked Enterprise"