Re: free hIDS, or system assessment tools

From: Ron Gula (rgula_at_tenablesecurity.com)
Date: 09/28/04

  • Next message: Wozny, Scott (US - New York): "RE: IDS Sensor operation"
    Date: Mon, 27 Sep 2004 21:09:38 -0400
    To: focus-ids@securityfocus.com
    
    

    At 06:17 PM 9/23/2004 -0500, Ty Bodell wrote:
    >Fahad--
    >Nessus does local checks on boxes with SSH :-) And for windows
    >there's always MBSA.
    >--Ty Bodell

    .... hey I thought this was the IDS forum ....

    Of course if you plug Nessus and then mention windows, you should
    check out NeWT 2.1 when we release it later this week. It runs on
    windows, does the same network/SSH/Windows local checks as Nessus
    and has it's own reports and XML format. There is *no charge* for
    the class C version.

    You can download NeWT 2.0 here:
    http://cgi.tenablesecurity.com/tenable/requestForm.php

    NeWT 2.1 will be available later this week and includes support
    for XP SP2, and SSH local checks for AIX, Solaris, SuSE, OS X and
    others.

    And just to bring it back to an IDS discussion, you can run all
    of the NASL scripts from Nessus, right from your windows laptop
    and also enable a variety of NIDS bypass options from an easy
    to use tabbed interface.

    Ron Gula, CTO
    Tenable Network Security
    http://www.tenablesecurity.com

    --------------------------------------------------------------------------
    Test Your IDS

    Is your IDS deployed correctly?
    Find out quickly and easily by testing it with real-world attacks from CORE IMPACT.
    Go to http://www.securityfocus.com/sponsor/CoreSecurity_focus-ids_040708 to learn more.
    --------------------------------------------------------------------------


  • Next message: Wozny, Scott (US - New York): "RE: IDS Sensor operation"

    Relevant Pages

    • RE: Testing IDS/IPS Signatures
      ... can a scanner be used to validate the IDS ... True, Nessus can help in testing signatures but IMHO, it has limitations. ... > service features in Nessus and NeWT to see what is in fact ...
      (Focus-IDS)
    • Re: Worm generating network attack traffic?
      ... You bring up a good point, but not all Nessus checks are ... with benign payloads and check for a known-vulnerable response. ... should be sufficient to generate an IDS alert. ... FWIW, I have found tools such as Core Impact, Metasploit, and Canvas ...
      (Focus-IDS)
    • Re: IDS Evaluation
      ... >about the accuracy of the ids. ... Nessus has a lot of anti-ids features which still bypass some systems ... the NeWT scanner which does not have a cost for Class-C usage. ... However, when you run vuln scanners against an IDS, you only really ...
      (Focus-IDS)
    • Re: Best Method(s) for signature verifcation.
      ... > Nessus that means you'll be getting a lot of false positives with it. ... > IDS Inforner, Impact, Nexpose and of course a collection of goodies from ... important thing: look at what your test tool ...
      (Focus-IDS)
    • Re: Remote IDS Testing
      ... > There are many open source vulnerability scanners out there. ... > your ip block with nessus should trigger plenty of alerts. ... >> Could someone point me to a few remote IDS testing locations? ...
      (Focus-IDS)