-
April 10th, 2002, 05:31 AM
#1
Junior Member
SANS Top 20 - Anyone have Policies for ISS, STAT Scanner, etc.?
I was wondering if anyone had or knew where to download scanner policies that focus on the SANS TOP 20 - specifically for ISS Internet Scanner and Harris STAT Scanner/Analyzer?
Simply Astrid ......
or sometimes just "Simple Astrid!"
-
April 11th, 2002, 04:51 PM
#2
ISS Policies
As for ISS, scanner policies are internally created and are usually very specific to the system(s) you're scanning. I have created several policies for various systems (NT, Unix, WIN2000) which, while effective for my systems, I doubt they would be effective for anyone else (even if I was to share them.) If you are a licensed user of ISS, have you contacted the support center and asked for their help/advice?
I have no knowledge of Harris STAT Scanner/Analyzer. Sorry I could not be of more help.
DjM
-
April 12th, 2002, 02:38 AM
#3
Junior Member
Well - yes. ISS isn't one of the most *helpful* of companies that I've had the distinct pleasure of working with. I guess when you become the 800 Pound *Microsoft* Gorilla of the IT Security World, you become more focused on profit than product.
I was trying to not have to re-invent the wheel because cross-referencing SANS Top 20 with the specific vulns/exploits in ISS Internet Scanner and creating a policy is a chore - possible because ISS is supposedly CVE compliant with mitre.org's list, but about as fun as waxing your legs since 1 SANS Top 20 item can comprise up to 20 different CVE or CANs. However, the people I work for to pay off the tuition bill believe the SANS Top 20 list is the word of God ......
HARRIS said they will be including the SANS Institute Top 20 list with their Vulnerability Scanner Product next month. I like their ANALYZER product - it can import the ISS Scanner data and output more informative/better presented reports than ISS. Its drawback is that it doesn't fully scan the Unix systems yet like AIX and HP. Does Linux flavors though.
Simply Astrid ......
or sometimes just "Simple Astrid!"
-
April 12th, 2002, 03:23 PM
#4
Well, just as a suggestion, I have found SANS to be quite helpful in the past. Maybe there is a way to contact them and put the question to them. If they don't have a policy to share with you, maybe they would be willing to create a 'generic' one and post it on their website for you and others to download. Like I said, it's just a suggestion, they may tell you to take a hike but it don't cost anything to ask.
DjM
-
April 13th, 2002, 06:55 AM
#5
Junior Member
Yeah - I talked to my ISS territory rep and their tech support. They said *maybe* ..... but didn't sound too interested. I'm beginning to get the impression, since they rely mainly on their X-Force Team, they see SANS and MITRE.ORG as an annoyance.
Simply Astrid ......
or sometimes just "Simple Astrid!"