Table 11-1 lists some of the leading network- and host-based vulnerability scanners for some of the more popular operating systems. Often we are asked, “What is the best scanner?” This is a difficult question to answer. There are several good tools available and each has its strengths and weaknesses. One scanner may be better than another at scanning a particular operating system. Another scanner may be faster than the others. Which one is the best really depends on what you are going to be using it for and what features are important to you. Network Associates CyberCop scanner and ISS Internet Scanner are two of the leading scanners for UNIX and Windows NT systems. Our experiences show that Internet Scanner may find vulnerabilities that CyberCop does not and vice versa. Therefore, it may be beneficial to run more than one scanner. This could be very expensive. CyberCop, Internet Scanner, and other leading scanners are not cheap. In fact, we find them quite expensive, but they are considered the top of the pack in automated network-based vulnerability scanners.
| Target Host | Network-Based Scanners | Host-Based Scanners |
|---|---|---|
| Windows NT | CyberCop, ISS Internet Scanner, HackerShield, NetRecon, Nessus | Enterprise Security Manager (ESM), Pentasafe VigilEnt, ISS System Scanner, Bindview |
| Netware | NetRecon, Kane Security Analyst | ESM, Bindview, Pentasafe VigilEnt |
| Solaris | CyberCop, ISS Internet Scanner, Nessus, HackerShield, NetRecon | ESM, Pentasafe VigilEnt, Bindview |
| AIX | CyberCop, ISS Internet Scanner, HackerShield, Nessus, NetRecon | ESM, Pentasafe VigilEnt |
| HP-UX | CyberCop, ISS Internet Scanner, HackerShield, Nessus, NetRecon | ESM, Pentasafe VigilEnt |
| AS/400 | CyberCop, ISS Internet Scanner, HackerShield, Nessus, NetRecon (all mainly test TCP stack only) | Pentasafe, SafeStone, ESM (with SafeStone plug-in) |
If you have a limited budget, there are free scanners on the market. Nessus is a leader among free scanners and is challenging the top commercial scanners. The January 2001 issue of Network Computing tested the ability of eight vulnerability scanners (Nessus, Network Associates' CyberCop, ISS Internet Scanner, Axent's NetRecon, Bindview's HackerShield, eEye Digital Security's Retina, Security Administrator's Research Assistant [SARA], and World Wide Digital Security's System Analyst Integrated Network Tool [SAINT]) to detect 17 of the top vulnerabilities.[1] Nessus led the group, detecting 15 of the 17 vulnerabilities. Nessus appears to be a viable option as a vulnerability scanner. Nessus is an open-source project that currently has captured a lot of attention and support. If the tool continues to be well supported, it will remain a force in the industry.
[1] Forristal, Jeff, and Greg Shipley. 2001. “Vulnerability Assessment Scanners.” Network Computing, January 8. Accessed online at www.networkcomputing.com/1201/1201f1b1.html.
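The point that one scanner may find vulnerabilities another misses can be measured the way the Network Computing test did, by scoring each scanner against a list of vulnerabilities known to be present on test hosts. The following is an added example, not taken from the book or from any scanner vendor; the normalized `host,port,vuln_id` export format, the `EX-nnnn` identifiers, and the sample rows are all constructed assumptions.

```python
import csv
import io

# Constructed sample data (not real scanner output). The normalized
# host,port,vuln_id columns and EX-nnnn IDs are assumptions for illustration.
KNOWN = {("192.0.2.5", 21, "EX-0001"), ("192.0.2.5", 80, "EX-0002"),
         ("192.0.2.5", 161, "EX-0003"), ("192.0.2.7", 53, "EX-0004"),
         ("192.0.2.7", 111, "EX-0005"), ("192.0.2.9", 443, "EX-0006")}
SCANNER_A = """host,port,vuln_id
192.0.2.5,21,EX-0001
192.0.2.5,80,EX-0002
192.0.2.7,53,EX-0004
192.0.2.7,111,EX-0005
"""
SCANNER_B = """host,port,vuln_id
192.0.2.5,80,ex-0002
192.0.2.5,161,EX-0003
192.0.2.7,53,EX-0004
192.0.2.7,53,EX-0004
192.0.2.7,25,EX-0009
192.0.2.7,abc,EX-0007
"""

def load_findings(csv_text):
    """Parse one export into a set of (host, port, vuln_id) keys."""
    findings = set()
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            findings.add((row["host"].strip(), int(row["port"]),
                          row["vuln_id"].strip().upper()))
        except (KeyError, ValueError, TypeError, AttributeError):
            continue  # malformed row: skip rather than abort the comparison
    return findings

def coverage_report(known, scanners):
    """Score each scanner, and all of them combined, against known findings."""
    results = dict(scanners)
    results["combined"] = set().union(*scanners.values())
    return {name: {"detected": len(found & known),
                   "missed": sorted(known - found),
                   "unverified": sorted(found - known)}  # review by hand
            for name, found in results.items()}

def demo():
    return coverage_report(KNOWN, {"scanner_a": load_findings(SCANNER_A),
                                   "scanner_b": load_findings(SCANNER_B)})

if __name__ == "__main__":
    for name, stats in demo().items():
        print(name, f"{stats['detected']}/{len(KNOWN)}", "missed:", stats["missed"])
```

The `unverified` list holds findings a scanner reported that are not on the known list, which are the ones to confirm manually before treating them as real.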
Often, a scanner that works well for Windows NT and UNIX does not work well for Novell. Thus, for Novell systems you usually need to find a different scanner. NetRecon and Kane Security Analyst are considered excellent tools for Novell.
One key feature to look for in any automated scanner, whether commercial or free, is the frequency of the database updates. In order for the tool to be effective, it must use an up-to-date vulnerability database. The updates enable the scanner to detect the latest vulnerabilities. The level of support for the tools varies. Therefore, before you purchase a scanner be sure to find out how often it is updated.
The following sections focus on specific network-based and host-based scanners.