This may sound like the long way of doing things, and may be just my philosophy on VA & PT, but I've seen security people get complacent about "real" security. Some tend to think just running a 'canned' tool is enough and that these tools "find everything" and/or if it finds nothing..."ok..we're safe".
I use my own array of tools (not necessarily written by me..but I possess them) to do those types of tasks, and find it to be quite thorough. I've found many holes or exploitable/rootable vulnerabilities with my own bag of goodies that expensive commercial 'audit' tools never found. Not always, not usually...but more than half a dozen times over the last 2 years...for me anyway. What I want to say is this... IMHO, a Security Engineer should have his/her own "tool bag" of sorts. There are many open source tools, available scripts, exploits, DoS codes available all over the internet from reputable sources that are not plagued with bogus code, or full of hidden trojans and the like (some are; you need to analyze the code before you run it). My point, for me, is that many tools of the trade are indeed the exploits themselves. Any malicious attempt to gain access to your network will most likely be done with the "tools/available exploits or home grown code" that I am referencing anyway. Think of it for a minute: some script kiddie downloads a SMURF or TEARDROP script (or any of a plethora of others)...and launches it at you (as a for instance). Most likely these days many script kiddies are behind a cable modem or even larger bandwidth connections and can be quite dangerous. In order to see if you're safe you need to test your devices against these potential threats, using the same code available to the twits that may try to compromise your network...in any way. You're obviously doing it in a controlled and ethical manner (riiiiiight?). IMHO, to be on top of the issue, have a few dozen of your own goodies..either 'borrowed' or home grown. Your own script that automates the process of running them isn't a bad idea either...to test or attempt to penetrate your outward facing network presence (at least).
You obviously have to stay on top of keeping the newest, latest, greatest OS or APPLIANCE patches or upgrades as well as exploits/DoS code(s) and stay updated with the newest stuff, probably constantly modifying your script to accommodate the revolving door your tool box would most probably be. I honestly do not know if there are widely accepted 'canned' PT tools on the market these days. I'd guess there are somewhere...but if they're good, reputable and/or well known, they're probably not cheap. Cyber Cop used to 'launch' partial exploits on devices if told to (many times bombing devices or hosts in the process of vulnerability scans), but I think they don't write that anymore and any available updates you could find would probably be grossly outdated. My 2 cents. Hope it helps you.

KC
CCNA/CCDA/CISSP/Geek

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 12, 2003 10:08 PM
To: [EMAIL PROTECTED]
Subject: VA vs PT tool

Hi,

I posted to the list some time ago, a couple of months back, for some recommendations on a good VA tool. The bulk of the responses pointed to ISS, NetRecon and Vigilante. However, a VA tool is limited, in that it only stops at the vulnerability. I'm looking at a Pen Test tool that not only does the VA functionality but also exploits the vulnerability, thus defining it as a real THREAT and not just a vulnerability. Is there a widely accepted tool on the market right now?

Rgds,
Simon Chan, MCP/MCSA/CCNA/CCSA/WCSP
Senior Security Engineer