Re: PINGWARE

[newsham () wiliki eng hawaii edu (Timothy Newsham)]

> Jason,
> Tools like COPS and RAXCO Unix Security Toolkit are tools that take a 
> snapshot of the system security and the output advises the operator about 
> the what it thinks is wrong or if somethings changed, etc..  I was told that 

cops and raxco (raxco is based on cops) do more than one type of testing.
What you describe is what the tripwire program does.  COPS does this
as well I believe but COPS will also look for certain bad configurations
that would let an intruder do naughty things.

> PINGWARE is a tool that is used for penetration testing (i.e.,  it 
> circumvents the target systems security and reports back.).  Or is this a 
> tool where you have to install an agent on the machine you need to analyse 
> and it comes back and reports on things like guessed passwords, improper 
> file and directory permissions, exported file systems, etc.?

PINGWARE is similar to COPS in that it will look for bad configurations
and report back to you.  PINGWARE does its work, however, by connecting
to services over tcp/ip.  It checks things like what version of sendmail
you are running.  The ISS program also works along these lines.  The
original version is freely available and was posted to one of the
comp.sources groups.  The current version of ISS is a commercial product.

> |      dagostin () killerbee jsc nasa gov  (713-282-3717)  |