May 31st, 2004, 10:01 PM
Does anyone have an opinion on which is better for testing a home network? - SARA http://www-arc.com/sara/ or Nessus http://www.nessus.org/
Please provide some reasons for your choice.
May 31st, 2004, 10:12 PM
Personally I used Retina. I only used the trial period, but during that time it provided a thorough and complete analysys (spelling's off ) of my network's vulnerabilities. It's capable of scanning over 250+ some odd IP's for LOADS of vulnerabilities and the like. For more information and the download, visit http://www.eeye.com/html/Research/Tools/RPCDCOM.html
May 31st, 2004, 10:19 PM
I've used all three of those and they each have advantages/disadvantages:
SARA: Decendent of the original, SATAN, this is a nice GUI interface tool that requires a browser. It can be slow but effective in it's scans. Can be determental to some networks with overloading. Requires nmap installation. (*nix only environment AFAIK)
NESSUS: Very powerful tool that requires a server to be active that the client connects to. This has the advantage of having remote scanners on remote LANs that you can connect to without worrying about the internet (and all the devices) potentially impeding the scan. (scan is done locally while the client connects "remotely"). Has even greater potential for affecting network activity (primarily *nix environment. Windows version has rumors of flakiness -- personally have never used the Windows client)
RETINA: fabulous Windows scanner, although pricey. It works great at detecting primarily windows issues. Can also affect network activity. (Windows environment only, AFAIK).
Reality would suggest to NOT rely on one tool but use many to get a more accurate picture. There are other vulnerability scanners (SAINT, SATAN, etc. The following link: http://www.networkintrusion.co.uk/scanners.htm : might be of help).
May 31st, 2004, 10:24 PM
It is arguably the best scanner out there.
But as for the choices you gave me, I would go with SARA, just through personal experience.
EDIT: Oops... Forgot about the *NIX issue...
Real security doesn't come with an installer.
May 31st, 2004, 10:30 PM
Ahh, didn't think of NMap. That would be another great recommendation although I haven't used it in quite some time. On my Windows ME machine, it proved to work wonder's as did Retina. As for SATAN/SAINT, I haven't used those in ages. Wouldn't recommend it due to the fact that I'm not sure how up-to-date and thorough it would prove to be for you. Kudo's to MsMitten's for the brief analysis.
May 31st, 2004, 10:34 PM
The best vulnerability scan is with something like nmap that can show you the services, and versions running.
You can take this knowledge and look up the vulnerabilities for the specific services.
Oh yeah, Core Impact is supposed to be good...
Real security doesn't come with an installer.
June 1st, 2004, 01:10 AM
Well, SATAN isn't kept up to date. I mentioned it for posterity of the authors, Dan Farmer and Wiese Venema. The historical value is there. SAINT, on the otherhand, is kept up-to-date. However, I don't usually recommend or use it because they have gone commercial, which is unfortunate. SARA has been a nice alternative that is Open Source and still available for whoever needs it.
As for SATAN/SAINT, I haven't used those in ages. Wouldn't recommend it due to the fact that I'm not sure how up-to-date and thorough it would prove to be for you.
That all said, it is important to remember not to rely on one tool to determine one's weakness but rather have a variety of tools. This is why it's not a bad idea to have a machine dedicated to this kind of thing that has all the "toys" you need.
June 1st, 2004, 01:13 AM
SARA is OpenSource? Wow, never knew.. I heard little about it but heard it's a more and better updated version of SATAN. That's good to hear, might hafta try it out.
I agree 100%. This is a very good point. The more perspective's you have looking at an issue the better, and the more scanner's you have giving you result's of a machine, the better
not to rely on one tool to determine one's weakness but rather have a variety of tools.
June 1st, 2004, 03:25 AM
Retina vs. Nessus:
I've used both extensively on purpose: you cannot rely on 1 vulnerability scanner (as others point out).
* Detects Windows vulns much better
* Will miss things sometimes (as does Nessus)
* No CSV or TXT export for reports
* Seems to detect web server vulns a little better
* A little tricky to configure server (UNIX gurus will do fine)
By the by, Retina's port scanner is Nmap which is darn accurate.
Use both but if I could only have one I would pick Retina (assuming I had the budget).
PS. Any Retina users out there who want to share tips/tricks/issues?
June 1st, 2004, 08:59 AM
Nessus's port scanner is also nmap .