Another tool that can be used for Pen Testing and which is in the same line as Knoppix is F.I.R.E. (Forensic and Incident Response Environment - http://fire.dmzs.com/). F.I.R.E. was showcased in a webcast in May 2003 hosted by SANS. F.I.R.E. is a Linux Bootable CD Image which has several well-known open source tools for Forensics, Vulnerability Assessments and Pen Tests.
Rafael Rosado, CISSP, CISA
Lucent Technologies
IT Security Manager - Corporate Security
Business Assurance and Risk Mitigation Services (B.A.R.M.S.)
2400 SW 145th Avenue
Miramar, Florida 33027
Office: 954-885-2176
Facsimile: 954-885-3861
Email: [EMAIL PROTECTED]

This electronic mail message contains information belonging to Lucent Technologies, which may be confidential and/or legal privileged. The information is intended only for the use of the individual or entity named above. If you are not the intended recipient, you are hereby notified that any disclosure, printing, copying, distribution, or the taking of any action in reliance on the contents of this electronically mailed information is strictly prohibited. If you receive this message in error, please immediately notify us by electronic mail and delete this message.

-----Original Message-----
From: Brad Mills [mailto:[EMAIL PROTECTED]
Sent: Friday, June 13, 2003 10:19 PM
To: James Fields; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: VA vs PT tool

James, et al -

> I didn't see this on your list below but I would be surprised if no one
> had suggested it...
>
> Nessus (www.nessus.org) will do *some* of that depending upon the
> vulnerability and how you configure Nessus to do the scan. The
> following are advantages/disadvantages depending upon your point of
> view:
>
> 1. Runs on Linux (as a server, there are clients for other platforms
> for driving the scans)
> 2. Open-source

(snips)

(...for windows guys)

Grab the latest Knoppix 650-meg *.iso, burn to a CD. Boot most any modern machine from it, has Nessus in there, ready to go. May not be 'minutes fresh' on updates, but indeed, grabs its IP from your dhcp server, and is ready to rumble in minutes. Best of all, it doesn't touch your windows partitions. As well, has ethereal, and nmap installed. An amazing distribution, indeedie.
.02,
/b