Familiar with FoundScan?

[amazingzarkon]

Wondering if anyone has seen or worked with Foundstone's FoundScan software?

Looking for a vulnerability scanning solution, and I've seen the discussions and articles on some of the other offerings. Hoping that I might be able to get some feedback on FoundScan.

Thanks!

[Noia]

if u want a free and Alright looking IDS then try http://www.securepoint.cc/
Granted, you have to register it...but it's free and who ever said you have to tell the truth.
I'v been playing around with it....it has some draw backs..but it's still the best I'v found for windows so far....stabile and with an easy to understand GUI..

- Noia

[amazingzarkon]

Thanks - I just downloaded the SecurePoint Software. It looks like it's worth checking out.

Let me outline more specifically what I am looking for in a Vulnerability Scanning solution.

I am looking for a software package that will enable me to automate scanning of a small corporate network.

This network is comprised of approximately 850 end-user workstations (Microsoft. Mostly XP, some Win 2000, 9X, laptops and desktops). Maybe 80 "server" class systems running a mix of Windows 2000, very few NT, AIX, and NetWare OS. Fair amount of network infrastructure devices - almost entirely Cisco. The network is spread out over 1 main location and 3 remote sites.

Though I am most concerned about the server systems in the data-center, I would like the ability to scan the end-user workstations as well. I do not want a "closed" scanning solution that only targets a pre-set list of IP addresses, rather I want to be able to run scans against entire subnets, with the intention of identifying any new, undocumented, and/or unauthorized devices that have been introduced to the network.

By scanning, I would like to see an automated portscan to identify what ports are open on each host. Ability to identify which ports would be scanned on a given run would be very beneficial. The scan should also enumerate common netbios information such as shares, NULL connection, weak passwords, password policy, audit polity, etc. for M$-based systems. Scans should also test for most or all of the CVE vulnerabilities. Missing patches and/or configuration settings should be identified if possible.

Additional information is always welcome, but those are my desired minimums.

Finally, I would ideally like the scanning solution to include some mechanism for storing the results of sequential scans - preferably by each individual host. This is to provide some means of measuring progress in remediation efforts and general documentation.

Right now it sounds to me like I'm going to end up talking to ISS about their RealSecure Scanner product. I have already had one conversation with them and was told of their licensing policy - which basically is to license their scanner per address to be scanned. I simply will not do this and if I can get this elsewhere without having to fight about the licensing I will happily do so.

It also sounds like FoundScan might be just what I'm looking for, but I need to get a better understanding of what they're doing. It would be nice to find an actual user of the product to get their read on it. What they like about it, what they don't like. What kind of false positives are they seeing. Any negative impact on systems being scanned, etc. Also some ballpark pricing would be nice.

Thanks!


Note: This is an automated solution for scanning the whole network from end to end on a regular basis. I currently and plan to continue ad hoc scans of mission critical, or publicly accessible hosts using a variety of other scanners and tools. Those tools just are not practical for the scope of what I want to put in place as part of regular practice here.

[micky05]

This article may help you with what you are looking for http://www.infosecuritymag.com/2003/mar/cover.shtml