Greetings!
Al Saenz schrieb:
> I have a network that I would like to be able to scan for weaknesses from
> the outside like from the internet.
> What products do you recommend to do such a task.
Nessus (http://www.nessus.org/) - for webservers additionally Whisker
(http://www.wiretrip.net/rfp/p/doc.asp?id=21&iface=2).
Both are open source scanners to be used e.g. on Linux or *BSD. Nessus is a
client-server application so if you place a (single) scan-server somewhere into
the Internet your auditors could use it with Nessus' Win* client modules.
> Is this a good product. If you want to send me some links to some sites
> that have reviewed scanner type software that would be nice too.
>From "Network Computing" 08.Jan.2001:
We set up 17 of the most common and critical vulnerabilities
out there, and not one product detected them all. The
closest was the Nessus Security Scanner, which nailed
15 of the 17. But even one hole is too many. Because all
the products failed to identify key vulnerabilities, none
of them received our Editor's Choice award.
[...]
The two that shined the brightest on this front were
ISS' Internet Scanner and Nessus Security Scanner.
Unfortunately, it's a case of the best of the worst.
http://www.nwc.com/1201/1201f1b1.html
HTH & Bye
Volker
--
Volker Tanger <[EMAIL PROTECTED]>
Wrangelstr. 100, 10997 Berlin, Germany
DiSCON GmbH - Internet Solutions
http://www.discon.de/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
