Does anyone have an opinion on which is better for testing a home network? - SARA http://www-arc.com/sara/ or Nessus http://www.nessus.org/
Please provide some reasons for your choice. ;)
Printable View
Does anyone have an opinion on which is better for testing a home network? - SARA http://www-arc.com/sara/ or Nessus http://www.nessus.org/
Please provide some reasons for your choice. ;)
Personally I used Retina. I only used the trial period, but during that time it provided a thorough and complete analysys (spelling's off ;)) of my network's vulnerabilities. It's capable of scanning over 250+ some odd IP's for LOADS of vulnerabilities and the like. For more information and the download, visit http://www.eeye.com/html/Research/Tools/RPCDCOM.html
I've used all three of those and they each have advantages/disadvantages:
SARA: Decendent of the original, SATAN, this is a nice GUI interface tool that requires a browser. It can be slow but effective in it's scans. Can be determental to some networks with overloading. Requires nmap installation. (*nix only environment AFAIK)
NESSUS: Very powerful tool that requires a server to be active that the client connects to. This has the advantage of having remote scanners on remote LANs that you can connect to without worrying about the internet (and all the devices) potentially impeding the scan. (scan is done locally while the client connects "remotely"). Has even greater potential for affecting network activity (primarily *nix environment. Windows version has rumors of flakiness -- personally have never used the Windows client)
RETINA: fabulous Windows scanner, although pricey. It works great at detecting primarily windows issues. Can also affect network activity. (Windows environment only, AFAIK).
Reality would suggest to NOT rely on one tool but use many to get a more accurate picture. There are other vulnerability scanners (SAINT, SATAN, etc. The following link: http://www.networkintrusion.co.uk/scanners.htm : might be of help).
NMap. www.insecure.org
It is arguably the best scanner out there.
But as for the choices you gave me, I would go with SARA, just through personal experience.
EDIT: Oops... Forgot about the *NIX issue...
Ahh, didn't think of NMap. That would be another great recommendation although I haven't used it in quite some time. On my Windows ME machine, it proved to work wonder's as did Retina. As for SATAN/SAINT, I haven't used those in ages. Wouldn't recommend it due to the fact that I'm not sure how up-to-date and thorough it would prove to be for you. Kudo's to MsMitten's for the brief analysis. :)
The best vulnerability scan is with something like nmap that can show you the services, and versions running.
You can take this knowledge and look up the vulnerabilities for the specific services.
Oh yeah, Core Impact is supposed to be good...
Well, SATAN isn't kept up to date. I mentioned it for posterity of the authors, Dan Farmer and Wiese Venema. The historical value is there. SAINT, on the otherhand, is kept up-to-date. However, I don't usually recommend or use it because they have gone commercial, which is unfortunate. SARA has been a nice alternative that is Open Source and still available for whoever needs it.Quote:
As for SATAN/SAINT, I haven't used those in ages. Wouldn't recommend it due to the fact that I'm not sure how up-to-date and thorough it would prove to be for you.
That all said, it is important to remember not to rely on one tool to determine one's weakness but rather have a variety of tools. This is why it's not a bad idea to have a machine dedicated to this kind of thing that has all the "toys" you need. :D
SARA is OpenSource? Wow, never knew.. I heard little about it but heard it's a more and better updated version of SATAN. That's good to hear, might hafta try it out.
I agree 100%. This is a very good point. The more perspective's you have looking at an issue the better, and the more scanner's you have giving you result's of a machine, the better :)Quote:
not to rely on one tool to determine one's weakness but rather have a variety of tools.
Retina vs. Nessus:
I've used both extensively on purpose: you cannot rely on 1 vulnerability scanner (as others point out).
Retina:
* Detects Windows vulns much better
* Will miss things sometimes (as does Nessus)
* No CSV or TXT export for reports :(
Nessus:
* Seems to detect web server vulns a little better
* A little tricky to configure server (UNIX gurus will do fine)
By the by, Retina's port scanner is Nmap which is darn accurate.
Use both but if I could only have one I would pick Retina (assuming I had the budget).
PS. Any Retina users out there who want to share tips/tricks/issues?
Nessus's port scanner is also nmap :).
Cheers,
cgkanchi
Quote:
Ahhhhmmmm......No....Nessus is not "JUST" nMap. Nessus can be configured to call nMap, as well as several external scanners, such as nikto, hydra, etc. Nessus has an entire set of it's own checks, that are not related to nMap at all.
Nessus is a vulnetability scanner
nMap is a port scanner/enumerator/OS Id'er.
As for the original thread....I like nessus for vulnerability scans, the checks are keep up-to-date., if you runs the update prior to scanning you can ensure that you have the latest checks, and best of all it is 100% completely free.
just my .02
joe :confused: :confused:
Nessus and Retina are my tools of choice. For web server vulnerability scanning i prefer Nikto (its uses libwhisker).
Umm... i said that nessus uses nmap as its port scanner (at least by default), not that nessus==nmap.Quote:
Ahhhhmmmm......No....Nessus is not "JUST" nMap. Nessus can be configured to call nMap, as well as several external scanners, such as nikto, hydra, etc. Nessus has an entire set of it's own checks, that are not related to nMap at all.
Cheers,
cgkanchi
Ahhh....so I see. Sorry for mis-reading your post!
joe :D