
Thread: Good vulnerability scanner needed & how to install firewall

  1. #1
    Junior Member
    Join Date
    Apr 2003
    Posts
    14

    Good vulnerability scanner needed & how to install firewall

    Hi, I am a web designer and I need a good vulnerability scanner for IIS, and I am on the Win98 platform...
    I also need info on how to install a firewall on my site to keep it secure...
    ---Santosh

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    You can find some good IIS scanners here:

    http://www.astalavista.com/tools/aud...k/http-server/

    Also a great too bad Free Trial tool I heard of is Retina.

    Retina has won awards for being the best
    IIS exploit/vulnerability scanner on the market.
    You can get it here: http://www.lyonware.co.uk/Retina-DOWNLOAD.htm

  3. #3
    I have just been evaluating Retina and have found it to be an excellent vulnerability scanner, however it is not cheap.

    Check out the site http://www.eEye.com

    Cheers

    Golam
    Time flies like an arrow - fruit flies like a banana

  4. #4
    Senior Member
    Join Date
    Oct 2002
    Posts
    314
    Also check out ISS Internet Scanner and Foundstone FoundScan (if you want to pay for a scanner), or else Cerberus, Leviathan, and Pluto will all work on Windows. You can find those on SourceForge (I think).
    Quis custodiet ipsos custodes

  5. #5
    N-Stealth is a good HTTP vulnerability scanner and contains a huge database... Nessus is probably the best but needs a real POSIX OS to run it.

  6. #6
    Banned
    Join Date
    Apr 2003
    Posts
    3,839
    This one I found 5 minutes ago... thought I'd tell you about it.

    What is it?

    It's a website vulnerability scanner, also called an exploiter. Use is intended to assess the security of your own web site.

    What's different to all the other ones?

    The ability to set individual keywords for each path, POST capability, high speed ....

    Where can I download it?

    Here

    I don't know how to work it

    A basic help file is provided with the program

    I still don't understand xxx feature

    An in depth tutorial is provided here courtesy of SammyBoy and GECKOO - because I hate doing help files

    Anything else, get in touch and I'll help. If it's in the manual prepare to get some random abuse back though. LOL
    Download it Here ( manual included ) : http://rhino.deny.de/triton/index.php

  7. #7
    Senior Member
    Join Date
    May 2003
    Posts
    115
    At our work, I use various tools like Retina, etc... (Marc Maiffret of MOD fame), but many open source tools like Nessus, Whisker, should do the trick.

    --w0rm3y

  8. #8
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    With Windows 98 you are extremely limited with what you can run. I know ISS won't work on it and I am thinking that if that is all you have, you can't use Nessus because you will have nothing to run the actual nessusd off of. I think Retina and Whisker would be OK, but I haven't played around with them enough to know for sure.

    The point is that you really need to upgrade to Win2k or WinXP, and it wouldn't hurt to have a Linux box around as well, if you are going to do some serious vulnerability analysis. Many of the exploits that are released into the wild are meant to be compiled using the Linux TCP/IP stacks (and are some kind of fun to convert to other OSes), not to mention it could be used to run other things like nessusd, nmap, etc.

    And don't forget to check out Microsoft's IISLockdown tool. It is very good at scanning your configuration and tightening it. Just be sure to back up your web server before you do it. IISLockdown can sometimes be overzealous, and if you can't figure out what it did to break your configuration, you will be glad you backed your server up...

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    If you want a *serious* solution, check out www.nessus.org. You'll need a *nix box or an installation of Cygwin (http://sources.redhat.com/cygwin/download.html) on your 98 machine, but it is well worth it.
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #10
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    I just realized that I completely missed the original question about the firewall. In order to get a decent response, you will need to give out much more information. What kind of connection to the internet do you have? Cable/DSL, Frame, T1? How many users/machines do you have? How much money do you have to spend on it?

    If you are off of a Cable/DSL link, a simple Linksys or D-Link firewall/router/DHCP server combo would work for you nicely, but if you have several users and/or higher bandwidth, you might want to look at something like a small Cisco PIX (which also depends on your funds)...

    /nebulus
