Network Security Auditing

Mavrick007

Diamond Member
Dec 19, 2001
My company is looking to purchase a good Security Audit Software package that offers auditing of Operating systems (Windows 95, 98, NT, 2000), networks (NDS and NT), and database (Oracle). We need to be able to deal with a company that offers good maintenance and strong software that is reliable. We are presently using Kane Security Software but we are looking for other packages that might handle our concerns and needs.

What do people have experience with or what has anyone heard was good Security Audit Software?
 

Garion

Platinum Member
Apr 23, 2001
You might check out the tools provided by ISS - They have some great products. I've used their Internet scanner several times in the past for network security audits and penetration tests. It has its ups and downs, but all in all works quite well.

- G
 

ScottMac

Moderator / Networking / Elite member
Mar 19, 2001
Ditto on the ISS recommendation. They do/did an outstanding job on monitoring and maintaining security at the NetWorld + Interop shows...one of the juiciest hacking targets on the Internet.

FWIW

Scott
 

RagManX

Golden Member
Oct 16, 1999
Are you looking for a company to do security assessments, or are you looking for software so you can do your own?

RagManX
 

Mavrick007

Diamond Member
Dec 19, 2001
We are looking for software that "we can use ourselves" to audit the different departments for security of the database and the Network (NDS and NT). We do this randomly to make sure that the data is protected, old accounts are deleted, passwords are the right length and not used over and over, ports aren't open which attackers can gain access to, protocols aren't open to use if not needed, and the like.

Thanks for the input. Any other info would be appreciated.
 

Thor86

Diamond Member
May 3, 2001
GFI also has a great freeware utility called LANguard which scans typical ports for what is being hosted on your network.
 

RagManX

Golden Member
Oct 16, 1999
I'm a huge believer in legally free stuff. Causes me all kinds of headache at work, as they don't want to use anything for free "because someone might have put a trojan in the source code." Anyway, hit http://www.nessus.org/ for the best security vulnerability available right now (cost - free). You run the scanning engine on a *nix machine. The graphical scanning controller interface runs in *nix and Winderz. When not using Nessus to scan your network, you'll want to routinely run nmap and see what ports are open. Also, Superscan is a great scanner, and is also free (don't have a link handy - you'll have to search for it). It is a Winderz based network vulnerability scanner.

You might also think about running Snort (http://www.snort.org/) for intrusion detection on your network. Again, it is free, and has plenty of free tools available to make it easier to work with.

ISS is a good scanner, but tasty-hot expensive. And reviews I have seen suggest the ISS is, in the best case, equal to Nessus in detecting vulnerabilities, and in some cases is less capable. ISS has Nessus beat for printing out what it finds and detailing fixes that most non-techies can fix. But for best capabilities, I still say go with Nessus.

Can't help with the database stuff. Let me know if I can help any more.

RagManX
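
Added example (not part of the thread or any poster's code): one way to act on the suggestion above to routinely run nmap and see what ports are open, by comparing nmap's grepable output (`-oG`) against an approved-ports baseline so that only deviations need review. The hosts, ports and the `APPROVED` baseline are constructed for illustration.

```python
# Constructed sample of nmap grepable output (`nmap -oG`); hosts and ports are made up.
SAMPLE_SCAN = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 10.0.0.5 (fileserver)\tStatus: Up\n"
    "Host: 10.0.0.5 (fileserver)\tPorts: 22/open/tcp//ssh///, "
    "139/open/tcp//netbios-ssn///, 23/closed/tcp//telnet///\n"
    "Host: 10.0.0.9 (dbhost)\tStatus: Up\n"
    "Host: 10.0.0.9 (dbhost)\tPorts: 1521/open/tcp//oracle///, "
    "21/open/tcp//ftp///, 161/open|filtered/udp//snmp///\n"
)

# Hypothetical baseline: services each host is approved to expose.
APPROVED = {
    "10.0.0.5": {(22, "tcp"), (139, "tcp")},
    "10.0.0.9": {(1521, "tcp")},
}

def parse_open_ports(grepable):
    """Return {host: {(port, proto), ...}} for ports whose state is exactly 'open'."""
    found = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and Status-only lines
        host = line.split()[1]
        # The Ports field ends at the next tab (e.g. before "Ignored State:").
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for entry in ports_field.split(","):
            parts = entry.strip().split("/")  # port/state/proto/owner/service/...
            if len(parts) >= 3 and parts[0].isdigit() and parts[1] == "open":
                found.setdefault(host, set()).add((int(parts[0]), parts[2]))
    return found

def audit(grepable, approved):
    """Return (unexpected, missing): open-but-unapproved and approved-but-not-seen."""
    seen = parse_open_ports(grepable)
    unexpected, missing = [], []
    for host in sorted(set(seen) | set(approved)):
        have, want = seen.get(host, set()), approved.get(host, set())
        unexpected += [(host, p, proto) for p, proto in sorted(have - want)]
        missing += [(host, p, proto) for p, proto in sorted(want - have)]
    return unexpected, missing

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_SCAN, APPROVED)
    for host, port, proto in unexpected:
        print(f"UNAPPROVED open port {port}/{proto} on {host}")
    for host, port, proto in missing:
        print(f"approved service {port}/{proto} not seen on {host}")
```

Ports reported as `open|filtered` are deliberately not counted as open here; treat them as a separate follow-up item if UDP services matter in your audit.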