Firewall Wizards mailing list archives
Re: L-3 Network Security Retriever and Expert
From: iwchick () clark net
Date: Wed, 12 May 1999 19:19:50 -0400
I haven't had a full working copy but received a demo/briefing on Expert from the L-3 rep here in the DC area about two months ago. Points that stood out for me:

- The tool doesn't scan for vulnerabilities the way Ballista/CyberCop does, for example.
- The tool will do some basic network mapping but doesn't do operating system recognition.
- The tool relies on human intervention to plug in the operating systems that are running on each server or host.
- The tool reports back all known vulnerabilities for each host based on the operating system/version, not on a particular identified vulnerability.
- The database of vulnerabilities associated with various operating systems is supposedly the largest in existence; it will identify all the various patches that have been reported for each host based on the human-identified OS/version.
- The tool applies a weighted metric to quantify risk; the risk weights can be modified so you can customize the ratings to meet your priorities.

<personal opinion mode = on>

I think this tool requires too much effort on the part of whoever is responsible for inputting all the data. I think it would require a lot more effort to go through the findings and determine which vulnerabilities are ACTUALLY in place and/or which patches have been applied. Coolio if the database is that robust, but think about how much more effectively it could be applied.

If someone out there knows of changes/updates from the info I received a couple months ago, please post.

Lori

At 06:05 PM 5/12/99 +0200, Bostjan Peterca wrote:
In Secure Computing Magazine I have read about L-3 Network Security tools, but after reading the articles I am still confused. What the magazine writes about can be either yet another network security scanner (Retriever) or something which will take ISS another year or two or three to come up with (Expert).

Does anyone have experience with Retriever and especially Expert (developed from Trident Information Protection Toolkit)? How do they compare to scanners from ISS or Axent? Is Expert for example able to map a change in the configuration of a firewall to overall impact or something like annualized loss expectancy?

Regards,
Bostjan