Penetration Testing mailing list archives
Re: [PEN-TEST] Security Scanner (Commercial vs Freeware)
From: Steve <steve () SECURESOLUTIONS ORG>
Date: Tue, 24 Oct 2000 12:49:04 -0600
In my past jobs, I had written some product reviews on different scanners (http://www.ntsecurity.net/Articles/Index.cfm?StartRow=21&MaxRows=20&Total=3 9&AuthorID=1022). I have looked at most of the commercial ones and a couple of the freeware ones.

In my opinion, the freeware/OPEN SOURCE (don't know if there are any free closed source scanners out there but I would stay away from them....) are great providing you have the staff and expertise to modify and constantly update the products. If you want a product that you don't have to worry about updating and modifying, the commercial scanners are best.

These days, when looking at buying a scanner, you have to look at who is supporting the product and who is updating it. Sure, there are a lot of scanners out there that claim to scan for a lot of vulnerabilities. But you have to ask yourself if you are able to trust and rely on the security team that is providing the information and updates to the product. It is more than the vulnerability/check count, as each vendor counts checks differently than the other.

My other issue with commercial scanner products is that most of them market themselves as "so easy that you don't need to be a security expert to run". This is a little misleading; sure, you may not need to be a complete expert, but you are still going to have to be able to understand the information presented to you and understand how to address the problems.

Information Security Magazine, I don't know the URL so sorry, also did some complete reviews of security scanners and, more importantly, the security teams behind the scanners.

No matter what scanner product you use, you will not capture 100% of the vulnerabilities, nor will you ever secure a box 100%, but you will end up with a product that automates a lot of tasks and gives you some nice reporting.

Just my $.02.
Hi everyone. I was wondering if anyone would mind comparing and contrasting for me the benefits / liabilities of using a commercial product (such as Cybercop, ISS, or Retina) vs. something freeware like Nessus. If you know of any other commercial or freeware scanners please feel free to include them in the comparison.
------------------------------------------------------------------------
Steve Manzuik
Calgary, Alberta, Canada
Moderator - Win2K Security Advice
(403)660-2997
Security Analyst - Bindview RAZOR Team
smanzuik () razor bindview com
http://razor.bindview.com
* - The opinions expressed in this email are mine, and mine alone. They - *
* - do not reflect those of my employer or anyone else for that matter. - *
------------------------------------------------------------------------