Re: Audit Tools

From: Marnix Petrarca (Marnix@DaemonLabs.com)
Date: 08/31/01


Message-ID: <001f01c1322c$d5e4dc60$0100a8c0@DaemonLabs.com>
From: "Marnix Petrarca" <Marnix@DaemonLabs.com>
To: "Evan Mann" <emann@questinc.org>, <focus-ms@securityfocus.com>
Subject: Re: Audit Tools
Date: Fri, 31 Aug 2001 16:54:28 +0200

I would like to add that false-positives in any case from a well-known tool
that is also in use by hackers and what have you deserve investigation and
should by their nature be eliminated through either proper feedback to
manufacturers of the tool, or adjusting of settings in software in case it
is not a false-positive.

Let us remember that as long as hackers are attracted to false-positives,
even the read-out of one should be eliminated, and thus it is positive to be
aware of a false-positive.

Just my 2cts

Marnix Petrarca
CEO

DaemonLabs.com
Kruisstraat 16
1621 EJ Hoorn, NH.
The Netherlands.
Chamber of Commerce 370.961.29

Phone: +31-229-299-454
Fax: +31-229-296-091
Mobile: +31-6-11-250-524

Partner and Authorised Reseller of:

* ClickToSecure.com 'HailStorm, The Next-Generation Auditing Tool'.
* eEye.com Retina, Iris and SecureIIS Application Firewall.
* CheckPoint Firewall-1 / VPN-1.
* NFR.com Network Flight Recorder Network Intrusion Detection Systems.
* NetworkIce BlackIce Defender Firewall and NIDS.
* TrendMicro ScanMail VirusWall, WebSense Content-Filtering.
* USB Crypt-Key Verification Systems.
* Open-Source Solutions RedHat Linux, OpenBSD, Nessus, NMap.
* DataRescue IDA Interactive DisAssembler.
* VMWare Workstation (Multi-OS simultaneously), VMWare Express
   (Win95/98 on Linux), ESX, GSX (QoS Server Management).
* Tobit Unified Messaging Solutions: Integrated SMS, VMail, EMail, Fax and
   VoIP.

----- Original Message -----
From: "Evan Mann" <emann@questinc.org>
To: <focus-ms@securityfocus.com>
Sent: Thursday, August 30, 2001 5:55 PM
Subject: RE: Audit Tools

> Off the topic here, but...
>
> I have yet to personally use Retina, but I tend to prefer 'fluff' when it
> comes to security. Example:
>
> BlackICE Defender as a home based firewall reports 99.5% of the time false
> positives, showing you port probes and pings as "attacks". Most home
> firewall users blast the program for doing that claiming false sense of
> paranoia on home users. Me personally? I liked it (when I used BlackICE,
> I've since switched to Tiny Personal Firewall). For someone who knows what
> they're doing and has some form of a clue about security, all those false
> positives and fluff are good indicators of what is happening to your system
> and what it's doing to react. Even if you don't need to know it, and it
> takes extra time to sift through, I wouldn't call a product bad or not
> effective just because it wastes a little bit of my time.
>
>
> -----Original Message-----
> From: Tiburon FC [mailto:tiburon_fc@hotmail.com]
> Sent: Wednesday, August 29, 2001 7:02 PM
> To: focus-ms@securityfocus.com
> Cc: Brian.Carvalho@verizon.net
> Subject: RE: Audit Tools
>
>
> Retina is full of false positives. Many of the "Security Risks" it
> identifies require sifting through too much fluff to actually get to the
> items that are pertinent. The reporting is far from "Top Notch".
>
> Solarwinds anyone? :)
>
> - Tib
> Jack of all trades, Master of none...
>
>
>
>
> -----Original Message-----
> From: Brian Carvalho [mailto:Brian.Carvalho@verizon.net]
> Sent: Wednesday, August 29, 2001 10:28 AM
> To: focus-ms@securityfocus.com
> Subject: Re: Audit Tools
>
> Personally, I like the Retina Security Analyzer by eEye...
>
> It will do most of what you are looking for and the report
> it gives you is top notch. Not to mention that it will make
> certain recommendations where it finds security risks.
>
> http://www.eeye.com
>
>
>
> ----- Original Message -----
> From: <milt@necam.com>
> To: <focus-ms@securityfocus.com>
> Sent: Wednesday, August 29, 2001 11:57 AM
> Subject: Audit Tools
>
>
> >Let's assume our company takes over another ... actually taking place ... our
> >company wants to audit the other company's network ... at this point we are
> >told it is NT ... not told too much else like what version, service packs,
> >controllers, backups, etc. Is there an audit tool that will tell us such things
> >as security holes, number of users, groups, rights, etc.? I need an 'all-in-one'
> >'sweeper package'... is there such a thing? ... what would you recommen
>
>
>


