Results 1 to 8 of 8

Thread: Foundstone Vulnerability Scans

  1. #1
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830

    Foundstone Vulnerability Scans

    I received the following in an email from Foundstone:

    Foundstone would like to extend a special, limited-time offer to you

    Given America’s mounting security awareness, and consistent with the National Strategy to secure cyberspace, Foundstone is offering a 30-day trial of the Foundstone Managed Security Service. At no cost to you, the Foundstone Managed Security Service can create an immediate, detailed view of your Internet-based assets that could be at risk. Accurate assessments of your network’s exposure to cyber-attacks will be essential to the American economy-and is why we’re making this offer right now.

    Because the U.S. possesses the world's strongest military and the largest national economy, the two are mutually reinforcing and dependent, and are reliant upon certain critical infrastructures - physical and cyber-based systems essential to the minimum operations of the U.S. economy and governmental agencies. By offering a free managed service to the country’s interdependent and indispensable critical infrastructure organizations, Foundstone can help strengthen the growing spirit of government-business partnership for global economic stability.

    Designed and staffed by Foundstone experts - representing one of the world’s largest talent pools of network security experts from the top-level security agencies such as the United States Air Force Information Warfare Center - the Foundstone Managed Security Service performs automated vulnerability assessments and identifies network security weaknesses within critical management services, web applications, and databases, with 99% accuracy .

    You can take advantage of this service immediately by contacting Foundstone at 1.877.91.FOUND or email us at freeoffer@foundstone.com. And remember, this does not require installing software or dedicating any hardware and is a non-disruptive solution with minimal or no impact on staff productivity. You must take advantage of the offer by April 30, 2003.
    I don't know if you have to make any long-term commitment to get the free 30 days, but small and medium companies may want to take them up on their offer- even if only for the free month to find the existing vulnerabilities and try to mitigate or remediate them.

    I like Foundstone in general, but I don't know anything specific about this service nor have I seen it in action so I can't speak to how good it is.

  2. #2
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    You were always able to demo their products.

    I agree, they make nice stuff.

    Regards.
    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  3. #3
    We have seen some good information from Foundstone. I would like to go to one of their classes on security sometime soon. Another company, but I am unsure of what demos they have would be TruSecure...
    \"Quis custodiet ipsos custodes?\"
    -Juvenal

  4. #4
    Senior Member
    Join Date
    Mar 2003
    Posts
    452
    Because we're talking about Foundstone, anyone who's not familiar with their books might want to pick up a copy of Hacking Exposed and Hacking Linux Exposed. Also, Incident Response is a great book with lots of good practices and techniques.


    PuRe
    Like this post? Visit PuRe\'s Information Technology Community. We\'ve also got some kick ass Technology Forums. Shop for books and dvds on LiveWebShop.com

  5. #5
    Because we're talking about Foundstone, anyone who's not familiar with their books might want to pick up a copy of Hacking Exposed and Hacking Linux Exposed. Also, Incident Response is a great book with lots of good practices and techniques.
    Thanks for the suggested readings. It was also suggested to me from someone else to look into the books Hack Attacks Revealed and Hack Attacks Denied. I don't think those are Foundstone books though. Anyone hear of them before?

    Anyone been to the Foundstone classes? Did they provide good info in actually securing servers?

    My apologies as I started going off the thread path me'ah.
    \"Quis custodiet ipsos custodes?\"
    -Juvenal

  6. #6
    AO Security for Non-Geeks tonybradley's Avatar
    Join Date
    Aug 2002
    Posts
    830
    Hack Attacks Revealed is by John Chirillo and is not related to the Hacking Exposed series from the Foundstone guys.

    It is a very good book though. I reviewed it for my site a few weeks ago.

    I have read Hacking Windows 2000 Exposed, Hacking Exposed 3rd Edition and I am working on trying to solve the scenarios in Hacker's Challenge which is part of the Hacking Exposed series and basically has you do forensic investigation for 20 different incidents.

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,325
    I am working on trying to solve the scenarios in Hacker's Challenge
    I really liked those ones. I read the first one in less than a week on the beach. I wasn't able to solve too many of them on my own. I have learned a lot since then.

    I have the second one too. I've decided to save that one for the beach as well. I'll hopefully be able to solve many more on my own that way.

    Have you looked at the Product / Book Reviews forum? They are some pretty good suggestions for reading in there.
    All of the ones that are mentioned above and many many more.

    If you like scenario books... check out Incident Response too.

  8. #8
    Hack Attacks Revealed by Mr Chirillo is just palin bad! The Hacking exposed series is very detailed and explains what actually is going on in each attack...in otherwords how to do things from the command line. Hack Attacks Revealed on the otherhand lists all the script kiddy tools and when how to use them. Completely useless material! You learn abit about some tools you can download, but thats about it. It doesn't explain really how the tool is exploiting anything. There is also a CD included with the book that has his "tigertools" included. You can upgrade to "tigertoolspro" or something like that for a small fee. A bunch of tools that are dressed up freeware type stuff. The only good thing coming out from that series are the forensics test online. Anyway, my 2 cents...
    Hacking Exposed = Great
    Hack Attacks Reveealed = Money down the drain

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •