Security Tools for the Budget Conscious ISP, Part II: Vulnerability Assessment and Audit
In this article we identify the tools that are available to you as you examine your system's vulnerabilities before and after an attack.
As described in Part 1 of this article, open source and shareware tools can help to bridge gaps between need and budget. To put together a good security toolbox, you'll want to gather a variety of security utilities, ranging from vulnerability assessment and audit to traffic analysis and forensics. Here in Part 2, we identify both commercial products and freely-available tools in the first two categories. We also illustrate a few open source and shareware tools.
Vulnerability Scan and Assessment Services
When outsourcing, request an example of the report that will be delivered; it should describe executed tests, discovered problems, associated risk levels, and recommended fixes. Beware of services that add little value to shareware scanner output.
Commercial vulnerability scanning and assessment services are widely available, ranging from automated vulnerability scans to customized on-site testing and consultation. Here's a diverse, far-from-exhaustive list of commercial services:
To learn more about managed vulnerability services, see our 2003 Managed Security Service Provider Survey.
A thorough vulnerability assessment is much more than just a quick scan-and-report. But, if that's all you need, here are some free vulnerability scan services:
Network Vulnerability Assessment Tools
You may want to conduct scans from multiple locations inside and outside your network. Start where many hackers start, outside your network, somewhere on the Internet, to learn what they can easily find out about you.
Never scan a network that doesn't belong to you or that you don't have permission to scan. Beware that scans can impact target networks and systems (i.e., some scans are gentler than others). Scans usually trigger security events, generating copious log records, SNMP traps, and/or e-mail alerts, so advise your NOC staff before conducting a scan.