-
June 5th, 2003, 09:11 PM
#1
Junior Member
Good vulnerability scanner needed & how to install firewall
hi i am a webdesigner and i need a good vulnerability scanner for iis and i am on win98 platform...
and i also need info on how to install a firewall on my site to keep it secure...
-
June 5th, 2003, 09:21 PM
#2
You can find some good IIS scanner here @
http://www.astalavista.com/tools/aud...k/http-server/
also a great too bad Free Trial tool i heard of is Retina
Retina has won awards for being the best
IIS exploit/vulnerability scanner on the market.
you can get it here http://www.lyonware.co.uk/Retina-DOWNLOAD.htm
-
June 5th, 2003, 09:33 PM
#3
Member
I have just been evaluating Retina and have found it to be an excellent vulnerability scanner, however it is not cheap.
Check out the site http://www.eEye.com
Cheers
Golam
Time flies like an arrow - fruit flies like a banana
-
June 5th, 2003, 10:15 PM
#4
Also Check out ISS internet Scanner, and Foundstone Foundscan (if you want to pay for a scanner) or else Cerberus, leviathan, and pluto will all work on Windows. You can find those on Sourceforge (I think)
Quis custodiet ipsos custodes
-
June 6th, 2003, 12:40 AM
#5
Member
n-stealth is a good http vulnerability scanner and contains a huge database.....nessus is probably the best but needs a real posix os to run it
-
June 6th, 2003, 04:10 AM
#6
This one i found 5 minutes ago ... thought i'll tell you about it
What is it?
It's a website vulnerability scanner, also called an exploiter. Use is intended to assess the security of your own web site.
What's different to all the other ones?
The ability to set individual keywords for each path, POST capability, high speed ....
Where can I download it?
Here
I don't know how to work it
A basic help file is provided with the program
I still don't understand xxx feature
An in depth tutorial is provided here courtesy of SammyBoy and GECKOO - because I hate doing help files
Anything else, get in touch and I'll help. If it's in the manual prepare to get some random abuse back though. LOL
Download it Here ( manual included ) : http://rhino.deny.de/triton/index.php
-
June 11th, 2003, 04:14 AM
#7
Senior Member
at our work, i use various tools like retina, etc... (marc maffiret of MOD fame), but many open source tools like nessus, whisker, should do the trick.
--w0rm3y
-
June 11th, 2003, 02:43 PM
#8
With windows 98 you are extremely limited with what you can run. I know ISS won't work on it and I am thinking that if that is all you have, you can't use Nessus because you will have nothing to run the actual nessusd off of. I think Retina and Whisker would be ok, but I haven't played around with them enough to know for sure.
The point is that you really need to upgrade to Win2k or WinXP, and it wouln't hurt to have a linux box around as well, if you are going to do some serious vulnerability analysis. Many of the exploits that are released into the wild are meant to be compiled using the linux tcp/ip stacks (and are some kind of fun to convert to other OS"s ), not to mention it could be used to run other things like nessusd, nmap, etc.
And don't forget to check out Microsoft's IISLockdown tool. It is very good at scanning your configuration and tightening it. Just be sure to backup you webserver before you do it, IISLockdown sometimes can be over zealous and if you can't figure out what it did to break your configuration, you will be glad you backed your server up...
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
-
June 11th, 2003, 02:54 PM
#9
If you want a *serious* solution, check out www.nessus.org. You'll need a *nix box or an installation of cygwin http://sources.redhat.com/cygwin/download.html on your 98 machine but it is well worth it.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
June 11th, 2003, 03:12 PM
#10
I just realized that I completely missed the original question about the firewall. In order to get a decent response, you will need to give out much more information. What kind of connection to the internet do you have? Cable/DSL, Frame, T1? How many users/machines do you have? How much money do you have to spend on it ?
If you are off of a Cable/DSL link, a simple Linksys or DLink firewall/router/dhcp server combo would work for you nicely, but if you have several users and/or higher bandwidth, you might want to look at something like a small cisco PIX (which also depends on you funds)...
/nebulus
There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.
(Merovingian - Matrix Reloaded)
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|