Best tool to check security ?
Hi,
I wonder what security check up package would you recommend ?
Is Nessus the right one, or should I pick something else ?
Regards,
Rob.
Hi, this is my understanding of some of the most commonly used tools. I'm pretty sure there are SuSE packages for all of these.
There's different sorts of tools for different jobs.
Nessus, NMAP and Saint are good for assessing network vulnerabilities. NMAP scans hosts/networks for "Open" ports, i.e. mail services, SSH, HTTP, etc. However, that in itself won't tell you if any of those are vulnerable to known exploits. That's where Saint or Nessus come in. They will scan the target's port and report on various levels of risk posed by what services and/or versions of programs that they find. Of the two, Nessus is the most comprehensive, and a full Nessus scan will take ages to run. Mostly because Nessus doesn't just rely on services only running on certain ports, it actually attempts to identify what service is really running on a particular port (in case someone doesn't use the standard ones).
Then there are network intrusion packages like SNORT which you can configure to help spot unusual activity in your network that might indicate you've been compromised.
And then there are system intrusion monitors like Tripwire which you can configure to watch for unauthorized changes to important things like system binaries and log files, etc.
If you just want to see if anyone has changed your binaries, you can run "rpm -Va" and look for entries with the number "5" in the first field. That indicates that the MD5 checksum has been changed since the RPM was installed. That's probably OK for configuration files, but system binaries like "ps" don't normally change for no reason... Though it's always possible the checksum or the database could have been modified by a skilled attacker. Tripwire can do this sort of thing a lot better but it's a lot more complicated.
There's lots of good online O'Reilly books on all of those (and more). If you want you can go to http://safari.oreilly.com/, sign up for a free 14 day trial of their online bookshelf and read a few.
Hope that helps! I've only recently got into the security field so perhaps this isn't 100% accurate!
-----Original Message-----
From: Robert Rozman [mailto:rozman@fri.uni-lj.si]
Sent: Wednesday, 8 December 2004 7:04 a.m.
To: suse-security@suse.com
Subject: [suse-security] Best tool to check security ?
Hi,
I wonder what security check up package would you recommend ?
Is Nessus the right one, or should I pick something else ?
Regards,
Rob.
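The `rpm -Va` check described in the message above, as an added example that is not part of the original thread: a shell function that filters verify output for a changed digest (the "5" flag) and separates config files from everything else. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output for changed file digests.
# Reads verify output on stdin, so it also works on saved output.

# Print "ALERT <path>" for non-config files whose digest changed and
# "config <path>" for changed config files; ignore every other line.
triage_rpm_verify() {
    awk '
        # Field 1 is the attribute string, e.g. "S.5....T."; a "5" in
        # position 3 means the file digest differs from the RPM database.
        $1 ~ /^..5/ {
            # An optional one-letter marker (c = config, d = doc, ...)
            # sits between the attribute string and the path.
            if (NF >= 3 && $2 ~ /^[cdglr]$/) { marker = $2; start = 3 }
            else                              { marker = ""; start = 2 }
            # Rebuild the path in case it contains spaces.
            path = $start
            for (i = start + 1; i <= NF; i++) path = path " " $i
            if (marker == "c") print "config " path
            else               print "ALERT " path
        }
    '
}

# Constructed sample output (not taken from a real system).
sample_verify_output() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/bin/less
S.5....T.    /bin/ps
missing     /usr/share/doc/packages/example/README
..5......  d /usr/share/doc/packages/example/NOTES
.M.......    /var/log/example
EOF
}

# On a live system: rpm -Va 2>/dev/null | triage_rpm_verify
sample_verify_output | triage_rpm_verify
```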
Hi,
On Wed, 8 Dec 2004 09:09:11 +1300 "Mike Tierney" wrote:
Hi, this is my understanding of some of the most commonly used tools. I'm pretty sure there are SuSE packages for all of these.
There's different sorts of tools for different jobs.
[snipped]
Hope that helps! I've only recently got into the security field so perhaps this isn't 100% accurate!
I think you did a good job :)
Anyway, there's a link on the nmap site which I find really helpful:
http://www.insecure.org/tools.html
HTH,
--
- E -
on SUSE 9.1 | blackbox 0.65 | copperwalls was here ;)
"The righteous themselves will possess the earth, And they will reside forever upon it." - Psalm 37:29
participants (3): - Edwin -, Mike Tierney, Robert Rozman