Re: Security scanning tools

From: Carlton Foster (c.a.foster_at_larc.nasa.gov)
Date: 12/15/03

  • Next message: H Carvey: "Re: Security scanning tools"
    Date: Mon, 15 Dec 2003 15:01:57 -0500
    To: security-basics@securityfocus.com
    
    

    If you're scanning Windows based machines on a Windows domain, use
    Nessus and give it a valid domain username and password in the SMB login
    options.

    Some tests in Nessus do require admin rights, but they tell you that in
    the description. Most, however, are better with just user access.

    Read this: http://www.nessus.org/doc/nessus_windows_scanning.pdf

    and this: http://www.nessus.org/doc/nessus_domain_whitepaper.pdf

    They should explain everything.

    Personally, having ISS, MBSA, and Nessus available, I will use Nessus
    over the other two every time. A few times people have challenged the
    validity of the Nessus results, and I have gone to the machines and
    proven the scanner was correct. Nessus the program, and the development
    team, have earned my trust in that product. Don't waste your money
    elsewhere...

    Jack Solomon wrote:

    >
    > All
    >
    > Im currently testing new scanning tools to replace nessus. I ran ISS
    > system scanner and Micro$oft Baseline Security analyst on a win2000
    > box and compared the results to the regular nessus scan. Each product
    > reports different things...
    >
    > - Nessus says everything is cool
    > - MS BSA reports that patch ms02-032 has not been applied
    > - System scanner finds a nonexistent modem, no virus software (as if!)
    > but no patches
    >
    > When I logon to the machine and try to run the MS update routine
    > through IE, it reports no patches to be applied. Am I going crazy or
    > using the tools wrong? surely they should all report the same
    > vulnerabilities?
    >
    > My questions to the group are:
    > 1. What tool[s] should I look to buy that that correctly reports
    > security vulnerabilties with the least false positives?
    > 2. Are false positives a known [feature] of all scanning tools?
    >
    >
    > Jack
    >
    > _________________________________________________________________
    > Hotmail messages direct to your mobile phone
    > http://www.msn.co.uk/msnmobile
    >
    >
    > ---------------------------------------------------------------------------
    >
    > ----------------------------------------------------------------------------
    >
    >
    >

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: H Carvey: "Re: Security scanning tools"

    Relevant Pages

    • Re: Nessus plugin can not find msblast infected machine?
      ... >> share with me how I can locate infected PC by using nessus? ... > your machines. ... There is a plugin id 11818 for detecting machine infected by msblast. ...
      (comp.security.unix)
    • Re: Nessus plugin can not find msblast infected machine?
      ... > I ran nessus with all the plugins turn on including those msblast ... > share with me how I can locate infected PC by using nessus? ... given ports (TFTP for worm replication, perhaps also a shell in a given ... Scan for those open in the infected machines and let us ...
      (comp.security.unix)
    • Nessus
      ... I have been doing some preliminary scans over a few test machines. ... Can Nessus do this? ... of accounts with blank passwords. ... enumerate netBIOS accounts and then use a dictionary attack against ...
      (comp.security.misc)
    • Nessus question
      ... I have been doing some preliminary scans over a few test machines. ... Can Nessus do this? ... of accounts with blank passwords. ... enumerate netBIOS accounts and then use a dictionary attack against ...
      (comp.security.unix)
    • Re: Nessus
      ... > I have been doing some preliminary scans over a few test machines. ... Can Nessus do this? ... > of accounts with blank passwords. ... > the target machine for a hacker to pull account names and then be able ...
      (comp.security.misc)