Hi Mario,

Let's try to respond to your questions in a good order.

First of all, you should have a look at nessus.org, as mentioned earlier. But with any tool you use (have a look at securityfocus under tools...) you should do it from a remote location, so you are sure you're in the same position as an attacker.

On the commercial side, you can take a look at Eeye's tools (www.eeye.com). GFI (www.gfi.com) also makes a free scanning tool: Languard. It's really easy to use. Be careful that in this case you are just taking 1 snapshot of your security status. I would recommend doing the test at least once a week. Qualys sells, via partners, a very good automated vulnerability assessment service (www.qualys.com).

A firewall? Yes, definitely you should put a real firewall before your ISA. Keep both; this is a dual barrel, 2 different ones. ISA is a fairly good proxy service, but I wouldn't bet my right hand on its security and its packet filtering capabilities. Depending on your budget and the price you can afford, you can find really good firewalls. This will add a little more to the security. (Firewall-1, or some appliance already named on this list...)

DMZ? You should really put all Internet-accessible machines in a DMZ. So if an attacker can take such a server, he is not yet in your network. And if you can, add an IDS. Putting a DB accessible to the public via a web server is a serious thing.

And why not request the services of an independent security consulting company?

Hope this helps. Should you need more info, contact me off list...

Max

-----Original Message-----
From: Mário Behring [mailto:[EMAIL PROTECTED]]
Sent: Tuesday 22 January 2002 13:52
To: [EMAIL PROTECTED]
Subject: Vulnerability analysis tools

Hi list,

Does anybody know some good tool for testing a small environment for vulnerabilities?
I have the following scenario:

1- A web server hosted at an IDC (Internet Data Center)
2- A router connected to the IDC via a link (T1 or something)
3- One Microsoft ISA Server running as a firewall with 2 NICs, one connected to the router described in item 2 and the other connected to the internal network.
4- A database server - Oracle running on Windows 2000 Server in the internal network. This DB will be accessed by Internet users that visit the website (located at the web server described in item 1) depending on the options they choose on the web page.

I need to analyse the vulnerabilities in such a scenario and report them. Is there any tool (freeware or not) that analyses this scenario from various points of view? For instance, I have to analyse this from the perspective of someone accessing the web page and then accessing the DB server on the internal network.

I have some other questions:

- Should I put a real firewall in place (Firewall-1 or Raptor for example) instead of this ISA Server?
- Should I create a DMZ and put this DB server there?

Thanks in advance.

Mário