
Thread: SANS Top 20 - Anyone have Policies for ISS, STAT Scanner, etc.?

  1. #1
    Junior Member
    Join Date
    Nov 2001
    Posts
    17

    SANS Top 20 - Anyone have Policies for ISS, STAT Scanner, etc.?

    I was wondering if anyone had or knew where to download scanner policies that focus on the SANS TOP 20 - specifically for ISS Internet Scanner and Harris STAT Scanner/Analyzer?

    Simply Astrid ......
    or sometimes just "Simple Astrid!"

  2. #2
    I'd rather be fishing DjM
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867

    ISS Policies

    As for ISS, scanner policies are internally created and are usually very specific to the system(s) you're scanning. I have created several policies for various systems (NT, Unix, WIN2000) which, while effective for my systems, I doubt they would be effective for anyone else (even if I was to share them.) If you are a licenced user of ISS, have you contacted the support center and asked for their help/advice?

    I have no knowledge of Harris STAT Scanner/Analyzer. Sorry I could not be of more help.


    DjM

  3. #3
    Junior Member
    Join Date
    Nov 2001
    Posts
    17
    Well - yes. ISS isn't one of the most *helpful* of companies that I've had the distinct pleasure of working with. I guess when you become the 800 Pound *Microsoft* Gorilla of the IT Security World, you become more focused on profit than product.

    I was trying to not have to re-invent the wheel because cross-referencing SANS Top 20 with the specific vulns/exploits in ISS Internet Scanner and creating a policy is a chore - possible because ISS is supposedly CVE compliant with mitre.org's list, but about as fun as waxing your legs since 1 SANS Top 20 item can comprise up to 20 different CVE or CANs. However, the people I work for to pay off the tuition bill believe the SANS Top 20 list is the word of God ......

    HARRIS said they will be including the SANS Institute Top 20 list with their Vulnerability Scanner Product next month. I like their ANALYZER product - it can import the ISS Scanner data and output more informative/better presented reports than ISS. Its drawback is that it doesn't fully scan the Unix systems yet like AIX and HP. Does Linux flavors though.

    Simply Astrid ......
    or sometimes just "Simple Astrid!"

  4. #4
    I'd rather be fishing DjM
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    Well, just as a suggestion, I have found SANS to be quite helpful in the past. Maybe there is a way to contact them and put the question to them. If they don't have a policy to share with you, maybe they would be willing to create a 'generic' one and post it on their website for you and others to download. Like I said, it's just a suggestion, they may tell you to take a hike but it don't cost anything to ask.



    DjM

  5. #5
    Junior Member
    Join Date
    Nov 2001
    Posts
    17
    Yeah - I talked to my ISS territory rep and their tech support. They said *maybe* ..... but didn't sound too interested. I'm beginning to get the impression, since they rely mainly on their X-Force Team, they see SANS and MITRE.ORG as an annoyance.

    Simply Astrid ......
    or sometimes just "Simple Astrid!"
